Author: Michael G Gelles
ISBN No: 9780128024102
Review date: 14/06/2026
No of pages: 252
Publisher: Butterworth-Heinemann
Publisher URL:
http://store.elsevier.com/product.jsp?isbn=9780128024102
Year of publication: 01/08/2016
Brief:
Insider Threat: Prevention, Detection, Mitigation, and Deterrence by Michael G Gelles. Published 2016 by Butterworth-Heinemann. ISBN: 9780128024102, 252 pages, print price £26.34. Visit www.elsevier.com.
As you might imagine, an American book on the insider threat does not take long before it mentions Edward Snowden.
As Michael G Gelles says at the beginning of his Insider Threat: Prevention, Detection, Mitigation, and Deterrence, the insider threat is ‘not a new phenomenon’. Why does a trusted employee commit sabotage, or espionage? As Gelles sets out, the greatest risk comes not from the external spy, but from that employee who’s already got the physical or digital keys (although we might add that the insider might need to connect with the outside spy agency or someone who’s paying or corrupting him; again, whether physically or digitally). That we know all that and America has the examples from history to prove it – the leaking of atom bomb secrets to the Russians, any number of corporate cases – does not, evidently, make the threat any easier to detect.
For one thing, that’s because as Gelles points out ‘there is no psychological or demographic profile for an insider threat’. The treachery – betrayal, however you like to put it – does not happen on impulse. Rather, Gelles suggests a pattern of malice from the insider – who ‘gets an idea, ruminates, and then begins testing if the idea can be executed’. So there are ‘red flags’; no single motive, but the employee may feel a sense of entitlement. Intriguingly, the author suggests this applies to the younger generation of tech types, if they develop a product; they feel they own it.
Much of Gelles’ advice is sound for security and indeed life in general; trust but verify (as President Reagan put it); look for precursors (those red flags – but then you have to be open to whistle-blowing from other employees, and do something about it, and not just anything but the right thing); connect the dots (a smart one, this, learning what processes or policies are poor, to improve them so other employees don’t take advantage of the same weaknesses). And set expectations – let the workforce know what they can and ought not to do, for instance what’s acceptable use of social media. Gelles in a readable style sets out that taking on the insider threat takes in every facet of security and risk management, from recruitment and IT (such as removable media, which let’s remember Snowden used, making the physical taking away of data so much easier than in the days of paper – to leave the book for a minute, remember the tension in the 2011 film Tinker Tailor Soldier Spy of the crucial log book from the archive; how much easier it’d be with a memory stick, although that would not make such good cinema!?).
Gelles is as sure-footed when he writes of what to do, as what the threat is, even taking on such thorny issues for security management and indeed the service sector in general as how to measure return on investment. He offers several suggestions, such as number of cases opened. It’s noteworthy that here he points to the Holistic Management of Employee Risk (HoMER), from the official UK Centre for the Protection of National Infrastructure (CPNI) – http://www.cpni.gov.uk/highlights/homer-news/. While someone has to be captain of the ‘insider threat team’, it takes in more than security – such as human resources and legal, as Gelles wisely points out. Unlike some writers and security people who unwisely stress how insecure everything is and how it has to be made secure – which frankly cuts little ice in business for long, or often – the author thinks in terms of risk management, and devotes a chapter to ‘establishing an organisational risk appetite’, including case studies. As he writes at the very end, risk will never be zero; ‘the key is to find the most efficient and effective way to manage residual risk’.
Gelles winds up with a look at ‘what the future holds’ and makes the point that as workplaces change, so we are seeing ‘a secondary layer of insiders’ – contractors or sub-contractors who have access, but maybe not the same loyalty to the employer (think Snowden and the NSA again?). In other words, the very definition of an ‘insider’ may be changing. Nor do employees have to be malicious to pose a threat; their complacency can be as damaging.
Overall, a most assured and readable book that is, rightly, as at home in the cyber world (and Big Data) as in the physical. Whatever your branch or field of security, or your background or seniority, this book is of use and interest – unless your organisation doesn’t suffer from an insider threat. In that case, is the work of your organisation up to much, and not worth stealing or leaking?!





