JOnline: Insider Computer Fraud: An In-depth Framework for Detecting and Defending Against Insider Attacks 


Insider threat has been an ever-present phenomenon in IT security. Whether the fraud is traditional or computer-based, experience has shown that insiders play a major role in perpetrating, assisting or covering up such frauds and incidents. More than half of the malicious incidents in IT security are caused by insider abuse and misuse. Given this, one would naturally expect organizations to be geared up to meet the challenge. But the reality seems to be that insider threat has been overlooked by many organizations for too long.

Insider Computer Fraud addresses this gap by introducing the reader to the topic and problems of insider computer fraud. It goes on to outline a practical framework and methodology for identifying, measuring, monitoring and controlling the risks associated with insider threat and abuse.

It covers relevant material that will be useful to management and to the IS audit and compliance community at large.

Major topics, concepts and issues required for understanding and dealing with insider computer fraud activity are covered in the book. These include:
  • Strategic planning process
  • Risk governance process
  • Risk categorization and assessment
  • Risk and threat assessment process
  • The defense-in-depth model and security efficiency calculation
  • Application security
  • Penetration testing
  • Web services security
  • Insider computer fraud identification: key fraud indicators, key fraud metrics and key fraud signatures
  • Control point identification and forensic photo frames (snapshots)
  • Application journaling
  • Privacy
  • Insider computer fraud anomaly detection
  • Information security pattern analysis

The book not only attempts to highlight the need, importance and issues pertaining to insider computer fraud, but also presents a methodology for dealing with it. The methodology is based on sound principles, including a risk assessment, treatment, mitigation and follow-up mechanism. Thus, it addresses the needs of security professionals, system administrators and members of the executive management team.

Insider abuse and threat are challenges in all industries and organizations spread across all verticals, including government, the public sector, and private enterprises. The book, therefore, has a wide appeal across all segments, regions and countries, and is recommended for professionals interested in dealing with and controlling insider computer fraud.

The author’s considerable experience in assessing the adequacy of IT security in the banking and securities industries is reflected in the quality and usefulness of the book. The book does not provide a prescriptive solution with a series of steps; it is instead process-driven, helping the reader understand both the management and the technical controls that reduce the impact of insider computer fraud.

The subject is well covered in 11 chapters, with adequate figures, tables, lists and diagrams, and is followed by six appendices that provide inputs such as application access controls, application data organization, management information systems (MIS), a cybersecurity health check, a list of acronyms, a glossary and a useful index.

Editor’s Note:

Insider Computer Fraud—An In-depth Framework for Detecting and Defending Against Insider Attacks is available from the ISACA Bookstore. For information, visit www.isaca.org/bookstore, e-mail bookstore@isaca.org or telephone +1.847.660.5650.

Reviewed by Vishnu Kanhere, Ph.D., CISA, CISM, AICWA, CFE, FCA, an expert in software valuation, IS security and IS audit. A renowned faculty member at several management institutes, government academies and corporate training programs, Kanhere is a member of the Sectional Committee LITD 17 on Information Security and Biometrics of the Bureau of Indian Standards. He is currently newsletter editor and academic relations, standards and research coordinator of the ISACA Mumbai Chapter; member of the ISACA Publications Committee; honorary secretary of the Computer Society of India, Mumbai Chapter; convener of a special interest group on security; chairman of WIRC of eISA; and convener of the security committee of the IT cell of Indian Merchants’ Chamber. He can be contacted at vkanhere@vsnl.com or vishnukanhere@yahoo.com.


ISACA Journal, formerly Information Systems Control Journal, is published by ISACA, a nonprofit organization created for the public in 1969. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
