Chapter 10. Responding to Insider Attacks

Insider attacks constitute a special, challenging situation for an incident response team. Insiders already have access to sensitive systems, access that might include a high degree of privilege. These people are, at least nominally, trusted. The attacks are often difficult to detect. Intrusion detection systems might be unable to distinguish an attack from a normal pattern of behavior. In fact, the theft and removal of data might not even qualify as an attack in the technical sense. Everyone who investigates might be a potential suspect.

An insider attack can be defined as the intentional misuse of ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
