Information Risk and Security
Preventing and Investigating Workplace Computer Crime
Information Risk and Security explains the complex and diverse sources of risk for any organization and provides clear guidance and strategies to address these threats before they happen, and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime, and the preservation of evidence, because it is these areas that are generally so mismanaged. There is advice on: ¢ preventing computer fraud, IP theft and systems sabotage ¢ adopting control and security measures that do not hinder business operations but which effectively block criminal access and misuse ¢ securing information - in both electronic and hard copy form ¢ understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes ¢ dealing with catastrophic risk ¢ best-practice for monitoring and securing office and wireless networks ¢ responding to attempted extortion and malicious information leaks ¢ conducting covert operations and forensic investigations ¢ securing evidence where computer misuse occurs and presenting this evidence in court and much more. The author's clear and informative style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems.
Table of Contents
Contents: Introduction; Perception of risk; Computer fraud; Espionage, intellectual property theft and leaks; Password misuse; Trash risk; Wireless risks; Sabotage, extortion and blackmail; Social engineering; Risks with personal computers; Pornography; Anonymous letters; Press leaks; Incident response; Ground rules on computer evidence; Covert operations; Analytical modes; Investigative resources; Computer evidence in court; Exit procedures; Conclusion; Appendices; Glossary; Index.
Edward Wilding has investigated several hundred cases of computer fraud and misuse in many jurisdictions. His previous book, Computer Evidence: A Forensic Investigations Handbook (Sweet and Maxwell 1996) was one of the first to discuss computer forensic investigations. The author has lectured widely, trained incident response teams, and conducted security and risk reviews for a diversity of clients. He has also served as an expert witness in civil and criminal cases, tribunals and official hearings, including the Hutton Inquiry. In 2002, he co-founded Data Genetics International (DGI), specializing in computer crime investigation, incident response and forensic evidence.
Edward Wilding, a renowned expert in computer forensics, explores, often in excruciating detail, the degree of risk that employees pose to their employer. From IT fraud, espionage, extortion and wireless interception to press leaks, anonymous letters and pornography. Wilding is unrelenting in his determination to catalogue every potential workplace crime and transgression...This book offers a highly valuable exploration of the reasons why businesses continue to suffer damaging security breaches, and the ways in which these can be prevented.' - Information Age 'In this tour de force of a publication, Edward Wilding guides readers through a maze of issues and solutions with clarity and conviction. The book is a 'must read' for every CIO.' - Information Security Specialist Group Magazine 'Many books on risk management and crisis management have similar aims; the prevention and detection of computer misuse. However, whilst many resort to simple checklists and promulgating nightmare scenarios that may never happen, Wilding's approach is more subtle, being grounded in "real life" examples and case studies as well as photographs and illustrations. This is the major strength of this book. The case studies put the advice in context and help the reader to understand the magnitude of the problems. Some of the examples may make the reader wince with guilty recognition... Some of the examples are truly extraordinary...This volume will have a deservedly wide readership well beyond the risk managers, IT Consultants, auditors and Personnel Directors at which it is principally aimed. All those who need to understand the inner workings of information technology, and the risks involved in its use, will find this book invaluable. In particular, litigation lawyers will find it of assistance when considering evidential issues, and for defining exactly what questions to ask when instructing forensic computer experts...Those who actually implement the strategies suggested will undou