'Insider risk has become a big issue, particularly as we depend so much on digital networks. Paul Martin's clear, comprehensive and thoughtful book leads us through the subject with telling, real-world examples.'
Jonathan Evans, former Director General of MI5
'Few people understand the world of Insider Risk as well as Paul Martin. This deceptively simple book is rooted in serious professional expertise and his own academic study of behaviour and risk. It clearly explains the problem, and suggests effective approaches. There are home truths about lack of investment in personnel security at the expense of other types of risk, and, because this is about human behaviour, it encourages better understanding of what motivates people to become insiders. Each chapter ends with discussion points which enable deeper reflection and would be useful for any organisation to consider.'
Suzanne Raine, Visiting Professor, King's College London, UK
'The book cleverly uses case studies as a way of reinforcing important points. The content is fully up to date and incorporates the most recent developments in this field. It challenges perception on insider motivations and the impact of different factors, and I found that some of its content has challenged my own thoughts on the matter. There are interesting insights into the psychology and personality traits behind insiders, and the author importantly provides potential solutions to the problem, as well as highlighting what the problem is itself. Trust and its relationship to Insider Risk makes interesting reading within the book. In Part 2, the author looks at potential solutions or mitigation responses to insider risk and the importance of adopting a systems approach. He also locates personnel security within a wider integrated approach to security, incorporating physical and cyber security. I particularly like the proactive approach he adopts when discussing how to address insider risk - 'Prevention is better than cure', rather than waiting for some form of insider activity to occur before responding to it. Importantly for Insider Risk practitioners, there is also a detailed chapter regarding detection and mitigation methods which can be applied, and models and metrics which can be used to assess insider risk. I found the book highly informative and extremely well researched. I would describe the author as a 'Simplifier', not a 'Complicator', as he has written the book in an easy to read and uncomplicated style, that makes it equally relevant for someone just coming into the field of Personnel Security and Insider Risk, as much as for the expert who has spent years working in this field of work.'
David BaMaung, Chair Special Interest Group Insider Risk, The Security Institute
'Insider Risk and Personnel Security by Paul Martin is excellent. It provides rigor and insights about the complexities involved in human nature, and will be useful as an antidote to war-story telling individuals who suggest that risk-related behavior and motivations fit neatly into well-bounded management tactics.'
Eric L. Lang, psychological, scientist and insider threat expert
'Paul Martin dives deep into 'insider risk', an often neglected area of security risk management, despite its prevalence as a critical key factor in many a case of espionage, cyber attack, fraud or thefts. At a time of rapid and unsettling changing, with war in Europe, ramping-up of geopolitical tensions, ever more sophisticated criminal acts and daily news of cyber attacks, I am sure we'll keep seeing creative attempts to exploit human vulnerabilities at the heart of our organisations, systems and networks. [He/the author/Paul] neatly takes us on an 'insiders' journey, explaining who those people are (not just employees!), their behavioural traits and work/life contexts, what makes them tick, concepts of trust and betrayal, effective security responses, and everything you might trip over on the way. If ever there was a book that illustrates that security is a truly human challenge that needs more than technical solutions, this is it. The author brings a unique mix of academic rigour and practitioner realism to his writing, which is direct, clear and illustrated with frequent case studies. This book is an excellent source of insight and an easy, enjoyable read for leaders, practitioners, students and researchers alike. As a non-executive director on several boards, I recommend it to executive and non-executive Board colleagues. We need ''insider risk'' up there with cyber-risks in that reddest corner of the risk matrix!'
Fiona Strens, Professor of Practice, Security & Resilience, University of Strathclyde, UK
Jonathan Evans, former Director General of MI5
'Few people understand the world of Insider Risk as well as Paul Martin. This deceptively simple book is rooted in serious professional expertise and his own academic study of behaviour and risk. It clearly explains the problem, and suggests effective approaches. There are home truths about lack of investment in personnel security at the expense of other types of risk, and, because this is about human behaviour, it encourages better understanding of what motivates people to become insiders. Each chapter ends with discussion points which enable deeper reflection and would be useful for any organisation to consider.'
Suzanne Raine, Visiting Professor, King's College London, UK
'The book cleverly uses case studies as a way of reinforcing important points. The content is fully up to date and incorporates the most recent developments in this field. It challenges perception on insider motivations and the impact of different factors, and I found that some of its content has challenged my own thoughts on the matter. There are interesting insights into the psychology and personality traits behind insiders, and the author importantly provides potential solutions to the problem, as well as highlighting what the problem is itself. Trust and its relationship to Insider Risk makes interesting reading within the book. In Part 2, the author looks at potential solutions or mitigation responses to insider risk and the importance of adopting a systems approach. He also locates personnel security within a wider integrated approach to security, incorporating physical and cyber security. I particularly like the proactive approach he adopts when discussing how to address insider risk - 'Prevention is better than cure', rather than waiting for some form of insider activity to occur before responding to it. Importantly for Insider Risk practitioners, there is also a detailed chapter regarding detection and mitigation methods which can be applied, and models and metrics which can be used to assess insider risk. I found the book highly informative and extremely well researched. I would describe the author as a 'Simplifier', not a 'Complicator', as he has written the book in an easy to read and uncomplicated style, that makes it equally relevant for someone just coming into the field of Personnel Security and Insider Risk, as much as for the expert who has spent years working in this field of work.'
David BaMaung, Chair Special Interest Group Insider Risk, The Security Institute
'Insider Risk and Personnel Security by Paul Martin is excellent. It provides rigor and insights about the complexities involved in human nature, and will be useful as an antidote to war-story telling individuals who suggest that risk-related behavior and motivations fit neatly into well-bounded management tactics.'
Eric L. Lang, psychological, scientist and insider threat expert
'Paul Martin dives deep into 'insider risk', an often neglected area of security risk management, despite its prevalence as a critical key factor in many a case of espionage, cyber attack, fraud or thefts. At a time of rapid and unsettling changing, with war in Europe, ramping-up of geopolitical tensions, ever more sophisticated criminal acts and daily news of cyber attacks, I am sure we'll keep seeing creative attempts to exploit human vulnerabilities at the heart of our organisations, systems and networks. [He/the author/Paul] neatly takes us on an 'insiders' journey, explaining who those people are (not just employees!), their behavioural traits and work/life contexts, what makes them tick, concepts of trust and betrayal, effective security responses, and everything you might trip over on the way. If ever there was a book that illustrates that security is a truly human challenge that needs more than technical solutions, this is it. The author brings a unique mix of academic rigour and practitioner realism to his writing, which is direct, clear and illustrated with frequent case studies. This book is an excellent source of insight and an easy, enjoyable read for leaders, practitioners, students and researchers alike. As a non-executive director on several boards, I recommend it to executive and non-executive Board colleagues. We need ''insider risk'' up there with cyber-risks in that reddest corner of the risk matrix!'
Fiona Strens, Professor of Practice, Security & Resilience, University of Strathclyde, UK