Enemy at the Water Cooler : True Stories of Insider Threats and Enterprise Security Management Countermeasures.
Title:
Enemy at the Water Cooler : True Stories of Insider Threats and Enterprise Security Management Countermeasures.
Author:
Contos, Brian T.
ISBN:
9780080477602
Physical Description:
1 online resource (290 pages)
Contents:
Cover -- Contents -- Foreword -- Introduction -- Part I Background on Cyber Crime, Insider Threats, and ESM -- Chapter 1 Cyber Crime and Cyber Criminals 101 -- About This Chapter -- Computer Dependence and Internet Growth -- Motivations for Cyber Criminal Activity -- Black Markets -- Hackers -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Insiders -- Tools of the Trade -- Chapter 2 Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- Insider Threats from a Business Perspective -- Insider Threats from a Technical Perspective -- Chapter 3 Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- Part II Real Life Case Studies -- Chapter 4 Imbalanced Security - A Singaporean Data Center -- Chapter 5 Comparing Physical & Logical Security Events - A U.S. Government Agency -- Chapter 6 Insider with a Conscience - An Austrian Retailer -- Chapter 7 Collaborative Threat - A Telecommunications Company in the U.S. -- Chapter 8 Outbreak from Within - A Financial Organization in the U.K. -- Chapter 9 Mixing Revenge and Passwords - A Utility Company in Brazil -- Chapter 10 Rapid Remediation - A University in the United States -- Chapter 11 Suspicious Activity - A Consulting Company in Spain -- Chapter 12 Insiders Abridged -- Malicious Use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for Another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus.

Part III The Extensibility of ESM -- Chapter 13 Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and Disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Chapter 14 Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- Why Sarbanes-Oxley -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Section 409: Real-Time Issuer Disclosures -- Chapter 15 Incident Management with ESM -- Incident Management Basics -- Building an Incident Management Program -- Chapter 16 Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One - Employees -- Question Two - Prevention -- Question Three - Asset Inventories -- Question Four - Log Collection -- Question Five - Log Analysis -- Question Six - Specialized Insider Content -- Question Seven - Physical and Logical Security Convergence -- Question Eight - IT Governance -- Question Nine - Incident Response -- Question Ten - Must Haves -- Appendix A Examples of Cyber Crime Prosecutions -- U.S. Department of Justice Cases -- Bibliography -- Index.
Abstract:
The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist threats, and hackers. It addresses the steps organizations must take to address insider threats at a people, process, and technology level. Today's headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats, and terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information - consultants, contractors, partners, visitors, vendors, and cleaning crews. Anyone in an organization's building or networks that possesses some level of trust.
* Full coverage of this hot topic for virtually every global 5000 organization, government agency, and individual interested in security.
* Brian Contos is the Chief Security Officer for one of the most well-known, profitable and respected security software companies in the U.S. - ArcSight.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.