Entries Tagged as 'Insider Threat '

A Multi-Dimensional Approach to Insider Threat

Insider Threat , Insider Threat Patterns No Comments »

By David Mundie
Senior Member of the Technical Staff
CERT Division

David MundieResearchers on the CERT Division’s insider threat team have presented several of the 26 patterns identified by analyzing our insider threat database, which is based on examinations of more than 700 insider threat cases and interviews with the United States Secret Service, victims’ organizations, and convicted felons. Through our analysis, we identified more than 100 categories of weaknesses in systems, processes, people, or technologies that allowed insider threats to occur. One aspect of our research focuses on identifying enterprise architecture patterns that organizations can use to protect their systems from malicious insider threat. Now that we’ve developed 26 patterns, our next priority is to assemble these patterns into a pattern language that organizations can use to bolster their resources and make them more resilient against insider threats. This blog post is the third installment in a series that describes our research to create and validate an insider threat mitigation pattern language to help organizations balance the cost of security controls with the risk of insider compromise.

Read more...

The Latest Research from the SEI

Insider Threat , Malware No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in quantifying expert judgment, insider threat, detecting and preventing data exfiltration, and developing a common vocabulary for malware analysts. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

The Latest Research from the SEI

Insider Threat , Resilience Management Model (RMM) No Comments »

By Douglas C. Schmidt
Principal Researcher

Doug SchmidtAs part of an ongoing effort to keep you informed about our latest work, I’d like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Enabling and Measuring Early Detection of Insider Threats

Insider Threat No Comments »

By Dr. Bill Claycomb
Senior Member of the Technical Staff
CERT Insider Threat Center

William ClaycombSabotage of IT systems by employees (the so-called “inside threat”) is a serious problem facing many companies today.  Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization’s resources or products.  Previous blog postings  on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation DoD enterprise systems against insider threats through the capture, validation, and application of enterprise architectural patterns. This blog post describes our latest research in determining the indicators that insiders might demonstrate prior to attacks.

Read more...

Effectiveness of a Pattern for Preventing Theft by Insiders

CERT , Insider Threat , Insider Threat Patterns No Comments »

By Andrew P. Moore
Senior Member of the Technical Staff
The CERT Program

Andrew P. Moore Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims’ organizations, and convicted felons. Among the more than 700 insider threat cases that we’ve documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused on identifying enterprise architecture patterns that protect organization systems from malicious insider threat. Enterprise architecture patterns are organization patterns that involve the full scope of enterprise architecture concerns, including people, processes, technology, and facilities. Our goal with this pattern work is to equip organizations with the tools necessary to institute controls that will reduce the incidence of insider compromise. This blog post is the second in a series that describes our research to create and validate an insider threat mitigation pattern language that focuses on helping organizations balance the cost of security controls with the risk of insider compromise.

Read more...