Insider threats have been the bane of organizations from time immemorial. When it comes to data threats, the CERT Insider Threat Center has been dedicated to combatting cybersecurity insider threats for over a decade. Their science-based research is the gold standard on the topic.

In the newly released Insider Threat: Prevention, Detection, Mitigation, and Deterrence (Butterworth-Heinemann ISBN 978-0128024102), author Dr. Michael Gelles has added an excellent title on the topic.

While the gold standard on the topic is still The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, this book does add a different angle to the topic, in addition to a lot of timely information and case studies.


While the CERT guide is more about the underlying reasons for the insider attacks and crimes, the approach in Gelles is how to build an enterprise program to deal with and defend against insider threats.

After providing a few chapters of introduction to the topic and problem, the book details a systematic method for developing an internal insider threat program.

Until I read about it in the book, I had never heard of the Holistic Management of Employee Risk (HoMER), from the UK-based Centre for the Protection of National Infrastructure. HoMER provides guidance on organizational governance, security culture, and controls to help firms mitigate people risk. Like the CERT Insider Threat Center, HoMER has a significant amount of helpful material.

While many consider insiders to be employees, the book does a very good job of showing how to deal with other types of insiders, such as trusted vendors. Gelles reminds the reader of Edward Snowden, whose insider disclosure is perhaps the greatest insider breach today.

Aside from mentioning Marigold, a Deloitte software tool, Gelles seems to want to keep the book vendor agnostic and does not list any hardware or software tools that can be used for insider threat detection. Personally, I would have appreciated it had he created a list of such tools, as they are a crucial part of an insider threat program.

The book has a significant number of charts and graphs, which are invaluable in communicating to management the crucial importance of an insider threat program.

Insider threat exists within every organization, so this book is all reality, no theory. For those looking for a guide they can use to start the development of an insider threat detection program, Insider Threat: Prevention, Detection, Mitigation, and Deterrence is a most worthwhile reference.