Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures Paperback – 24 Dec 2006

4.0 out of 5 stars 1 customer review

Product details

  • Paperback: 288 pages
  • Publisher: Syngress (24 Dec. 2006)
  • Language: English
  • ISBN-10: 1597491292
  • ISBN-13: 978-1597491297
  • Product Dimensions: 17.9 x 2.1 x 22.7 cm
  • Average Customer Review: 4.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 125,062 in Books

Product Description


Throughout, Contos uses his extensive personal experiences to illustrate Internet security breaches and provide countermeasures. This book requires little if any technical background and is intended to appeal to a broad audience. - Choice, E. M. Aupperle

About the Author

Brian T. Contos, CISSP, Chief Security Officer, ArcSight Inc., has over a decade of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As ArcSight's CSO he advises government organizations and Global 1,000s on security strategy related to Enterprise Security Management (ESM) solutions while being an evangelist for the security space. He has delivered security-related speeches, white papers, webcasts and podcasts, and most recently published a book on insider threats titled Enemy at the Water Cooler. He frequently appears in media outlets including Forbes, The London Times, Computerworld, SC Magazine, Tech News World, Financial Sector Technology and the Sarbanes-Oxley Compliance Journal. Mr. Contos has held management and engineering positions at Riptech, Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency (DISA). He has worked throughout North America, South America, Western Europe, and Asia and holds a B.S. from the University of Arizona in addition to a number of industry and vendor certifications.

Customer Reviews

Top Customer Reviews

Format: Paperback Verified Purchase
I stumbled across the book about a year ago (Q2 2009), when during my time working for a client we had a situation where an employee, angry at being made redundant, decided to leak as much information as possible to a competitor. I was asked to help develop a strategy and training course for that client to ensure this situation didn't occur again. Having never developed such a specific course before, I was a little lost until a colleague recommended Brian Contos' book to me.

My initial thought upon picking this book up was that it might be a bit dated, having been published back in 2007, but I need not have worried despite some of the technologies covered by the book having moved on. There is for example no spear-phishing to be found here or any of the targeting attacks that have developed post 2007. However this is not to say the book should be discarded; it should not, as the situations and motivations of those who set out to harm are timeless.

The style of writing is exceptionally straightforward and the writing style is so clear that few people will fail to understand both the threats and the lessons to be learnt from the scenarios presented within the book. Certainly I have found myself referring to this book time and again.

It is hard to highlight exactly what makes this book so valuable, but probably the key information is distilled into a number of key areas:

Chapter 2 covers exactly what it is that motivates a trusted employee to become harmful to an organisation. It approaches this subject in a way I've not seen presented, as it covers the psychology of the malcontent, and how such insider threats might be seen - from a personal, business and probably more importantly from an external reputational perspective.

Most Helpful Customer Reviews (3.5 out of 5 stars, 8 reviews)
17 of 20 people found the following review helpful
2.0 out of 5 stars "If the only tool you have is a hammer, then every problem is a nail." 9 Jan. 2007
By Dr. G. Hinson
Format: Paperback Verified Purchase
Ignore the main title - look at the subtitle. This book is little more than a sales pitch for Enterprise Security Management systems, or more specifically the ESM sold by the author's company, with a random assortment of largely unattributed and barely analyzed anecdotes on information security incidents mostly relating to ESM. The link to "insider threats" is tenuous at best and in the most part is merely used as an excuse to hype the wonders of ESM.

If you are seriously interested in ESM, you probably wrote the gushing "review notes" on the cover or the foreword (written by Hugh Njemanze, CTO of - you guessed it - the same ESM company). I'm far from convinced that anyone else (except perhaps from the ESM company and its customers who may be happy with an extremely biased view of the value of ESM) would benefit from this book, even if it is "vendor neutral" (page xxii). If you are looking for some meaningful insight into and analysis of the "insider threat", and perhaps some practical and worthwhile countermeasures apart from ESM, look elsewhere.
7 of 9 people found the following review helpful
4.0 out of 5 stars Explores an important often neglected topic 30 Nov. 2006
By Ben Rothke
Format: Paperback
Even though hacker Kevin Mitnick's notorious exploits are more than a decade old, the media, and even some security professionals, continue to be obsessed with him. In early October 2006 alone, his name came up a few dozen times in a search of the prior month of Google News. Those obsessed with hackers are missing the far greater threat: trusted insiders.

The insider threat shouldn't be a surprise: employee theft takes a bigger bite out of retailers than does shoplifting, and company personnel give away more secrets than are stolen by spies.

On average, authorized network users gain access to 10 to 20 times more resources than they need to perform their jobs, and this extra access leads to most network security breaches. With that as its starting point, Enemy at the Water Cooler looks at the problem of the trusted insider and how to reduce both the threat and the vulnerability. Author Brian Contos astutely notes that insider attacks are the hardest ones to defend against, detect, and manage.

The first part of the book sketches the risks that insiders pose to an organization. It also details mechanisms that can be used to control these risks.

One such solution is ESM (Enterprise Security Management) software. (Full disclosure: the author is the CSO for a leading ESM vendor and some of the illustrations in the book are screenshots from this vendor's product.) ESM software centrally collects and analyzes log data from various entities within a network. When correctly deployed, ESM can be used to discover internal risks, in addition to correlating security information and performing other valuable tasks.

The final chapters of the book run through real-life case studies in which Contos shows how ESM mitigated, or could have mitigated, the risk.

Although the book has a lot of information, at $49.95 for fewer than 250 pages, the book is overpriced. Even though it can come across as self-serving, the book should be commended for tackling a vital and often neglected topic.
2 of 4 people found the following review helpful
5.0 out of 5 stars Great information and case studies - great book 15 Nov. 2006
By Security in Texas
Format: Paperback
This book was extremely easy to read and enjoyable. The case studies made complex concepts such as collaborative attacks and advanced intruder discovery/remediation techniques understandable. I've even shared the case studies with my management as examples of risk to help push our insider threat program forward. I found that sharing key case studies that are relevant to our business helped to make my point about why we need to pay more attention to threats from the inside. And the way the book is written, I don't need to translate tech talk to business talk.

In addition to the insider threat information, the initial chapter that gives an overview of computer-based threats from organized crime, nation-states and terrorists was an eye-opener. The author does an excellent job explaining how these groups use insiders (employees mostly) to help carry out their agendas.

Since reading the book I've also listened to several webcasts and podcasts from the author. I found these to be informative and in several instances, the case studies from the book are explored in even more detail as the author discusses subtitle points that aren't necessarily covered in the book.

I've read a few books on insider threat now, and this is by far one of my favorites, and more so, it has shown great utility at work. Engineers like it, and so does my senior management.
1 of 3 people found the following review helpful
4.0 out of 5 stars Reads like a conversation 28 Sept. 2006
By Harrison Holland
Format: Paperback
This book starts off nice and easy, giving a good introduction to cyber crime before getting into the more technical aspects of mitigating insider threats. I liked that very much, as opposed to the aggressive beginnings of most security books. I really enjoyed the real life scenarios that were described in this book. Sometimes the best way to learn is by looking at the mistakes of others. In the security world, it's often hard to predict what clever new method an attacker may use to get what he wants; by looking at examples of real world cases you can better equip yourself with the ability to prevent intrusions. Perhaps the part about this book that I liked the most was the writing style. It felt like a conversation. Very easy to read and follow.
7 of 11 people found the following review helpful
4.0 out of 5 stars Real Life Security Stories 13 April 2007
By Dan McKinnon
Format: Paperback
'Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures' by Brian Contos is an interesting look at some real-life situations that have occurred where nasties have gotten into systems and wreaked the havoc that they are looking to cause. While some reviewers have argued that this book is just a sales pitch to go out and buy anti-hacker software and hardware to combat these criminals, they are probably right!!! Security is always a matter of finding the right balance but certainly erring on the side of caution certainly is the safer way to go in most cases!!

Good book for IT people and specifically security whizzes to take a look at.
