By Randy Trzeciak,
Senior Member of the Technical Staff
The CERT Program
According to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, CERT Insider Threat researchers have collected incidents related to malicious activity by insiders obtained from a number of sources, including media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, four patterns of insider threat behavior have been identified: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). From those patterns, our researchers developed controls that combine technological tools with behavioral indicators to identify employees at risk for committing cyber crimes. These tools and indicators provide those who monitor networks a better warning of potential anomalous behavior. This blog posting—the first in a series highlighting controls developed by the CERT Insider Threat Center—explores controls developed to prevent, identify, or detect IP theft.
By Douglas C. Schmidt
use the SEI Blog to inform you about the latest work at the SEI, so
this week I'm summarizing some video presentations recently posted to
the SEI website from the SEI Technologies Forum.
This virtual event held in late 2011 brought together participants from
more than 50 countries to engage with SEI researchers on a sample of
our latest work, including cloud computing, insider threat, Agile
development, software architecture, security, measurement, process
improvement, and acquisition dynamics. This post includes a description
of all the video presentations from the first event, along with links
where you can view the full presentations on the SEI website.
By Douglas C. Schmidt
As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
By Douglas C. Schmidt,
Chief Technology Officer
As part of an ongoing effort
to keep you informed about our latest work, I'd like to let you know
about some recently published SEI technical reports and notes. These
reports highlight the latest work of SEI technologists in Agile methods, insider threat, the SMART Grid Maturity Model, acquisition, and CMMI.
This post includes a listing of each report, author/s, and links where
the published reports can be accessed on the SEI website.
Andrew P. Moore,
Insider Threat Researcher
The 2011 CyberSecurity Watch survey
revealed that 27 percent of cybersecurity attacks against organizations
were caused by disgruntled, greedy, or subversive insiders, employees,
or contractors with access to that organization’s network systems or
data. Of the 607 survey respondents, 43 percent view insider threat
attacks as more costly and cited not only a financial loss but also
damage to reputation, critical system disruption, and loss of
confidential or proprietary information. For the Department of Defense
(DoD) and industry, combating insider threat attacks is hard due to the
authorized physical and logical access of insiders to organization
systems and intimate knowledge of organizations themselves.
Unfortunately, current countermeasures to insider threat are largely
reactive, resulting in information systems storing sensitive information
with inadequate protection against the range of procedural and
technical vulnerabilities commonly exploited by insiders. This posting
describes the work of researchers at the CERT® Insider Threat Center
to help protect next-generation DoD enterprise systems against insider
threats by capturing, validating, and applying enterprise architectural