Author Dr Julie Mehan
ISBN No 9781849288392
Review date 16/06/2019
No of pages 301
Publisher IT Governance
Publisher URL http://www.itgovernance.co.uk/shop/p-1841-insider-threat-a-guide-to-understanding-detecting-and-defending-against-the-enemy-from-within.aspx
Year of publication 29/11/2016
Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from Within
Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from Within; by Dr Julie Mehan, paperback, published 2016 by IT Governance.
The author begins by describing her book as 'an attempt to understand the environment and psychology that leads an individual from being an insider to becoming an insider threat'. This takes in not only some high-profile cases but maybe terrorism too, with personal privacy and corporate intellectual property among the things at risk.
One of the welcome themes running through this book, and others published by Alan Calder's IT Governance publishing arm, is that they're neither techy nor ignorant of tech; they strike the right balance between appreciating, as the author says early on, that the 'wild growth of information networks continues to be one of the most remarkable phenomena in human history', and recognising the enduring human reality of the insider threat: that information technology, cyber, call it what you like, is only a tool to do old things, whether espionage, gaining wealth or revenge, or acting out of (usually male) pride. So while the author writes of aiming at cybersecurity people, the book is just as worth reading by non-cyber security people, or indeed anyone whose job requires them to be alive to the 'insider threat'.
Practitioners may well want something practical, and the author, an American, does suggest early on that the 'best defence against the insider threat must be found in the establishment of cybersecurity education and awareness, best of breed tools and robust policy'. And that takes in industry, academia and government - it'll take everything, in other words.
While on purpose it's not a book to go into case by case detail, Dr Mehan does touch on the Edward Snowden affair, which she calls 'an excellent case study in the insider threat, one where many of the personality traits and characteristics were evident - but were, unfortunately, ignored'. As a perfect example of the threat, Snowden had a privileged position in IT; felt disgruntled for some work-related reason (real or imagined); showed some signs of behaviour that managers could have picked up, if only; and some of the insider activity happened after quitting the job (with that privileged access not terminated, or bypassed). What is new is the sheer number of documents that Snowden was able to take out, next to impossible in the old days (well within living memory) of paper documents. Human nature, as Dr Mehan points out, remains the weakest link, 'when it comes to the juncture of people, process and technology'; but it remains intriguing that, presumably, lots of other people in Snowden's shoes have grudges, and can rationalise misdeeds against their employers, yet not all go on to execute.
The author has many, many sound things to say about security culture and practice: do insiders need more access than they are given, and are they given enough oversight? She ranges over policy, training, personnel management, reacting to and recovering from an insider breach, and some 'worst practices' to avoid, which is a neat way of looking at the issue. Don't assume a well-written policy is the same as day to day reality. In fact, don't assume anything - a good idea in life generally. Don't ignore the danger from the naive and unintentional insider, who may do harm to an organisation through good intentions, or carelessness. Is pre-employment screening wide enough in scope? She's also smart enough to point out that doing the right security things is not enough - good managers and supervisors generally are likely to make for a more contented workforce, where 'counter-productive behaviours' are identified, and more to the point, addressed.
While US-based, Dr Mehan has worked outside the United States, and indeed quotes the British official CPNI approvingly.
This is a wise, and well-written, book about an important question. The question is not going to go away, and the book is highly recommended. That's not the same as saying that this, or any book (and each chapter has a short but useful reading list), can solve for you such a knotty and hidden problem as the 'insider threat'. And in fairness to Dr Mehan, she does sum up by admitting that the book can only provide a beginning to addressing the threat, which after all will continue to evolve as technology evolves. She ends on some good advice: break down the problem into its parts, and address them one at a time. And it's a journey, not a destination.