Entries Tagged as 'Insider Threat '

Protecting Against Insider Threats with Enterprise Architecture Patterns

Insider Threat , Insider Threat Patterns 6 Comments »

Andrew P. Moore,
Insider Threat Researcher

Andrew P. MooreThe 2011 CyberSecurity Watch survey revealed that 27 percent of cybersecurity attacks against organizations were caused by disgruntled, greedy, or subversive insiders, employees, or contractors with access to that organization’s network systems or data. Of the 607 survey respondents, 43 percent view insider threat attacks as more costly and cited not only a financial loss but also damage to reputation, critical system disruption, and loss of confidential or proprietary information. For the Department of Defense (DoD) and industry, combating insider threat attacks is hard due to the authorized physical and logical access of insiders to organization systems and intimate knowledge of organizations themselves. Unfortunately, current countermeasures to insider threat are largely reactive, resulting in information systems storing sensitive information with inadequate protection against the range of procedural and technical vulnerabilities commonly exploited by insiders. This posting describes the work of researchers at the CERT® Insider Threat Center to help protect next-generation DoD enterprise systems against insider threats by capturing, validating, and applying enterprise architectural patterns.


Insider Threat: The Latest Research from the SEI

Insider Threat No Comments »

By Douglas C. Schmidt,
Chief Technology Officer

Douglas C. SchmidtHappy Independence Day from all of us here at the SEI. I’d like to take advantage of this special occasion to keep you apprised of a new technical report from the SEI. It’s part of an ongoing effort to keep you informed about the latest work of SEI technologists. This report highlights the latest work of SEI technologists in the fields of insider threat. This post includes a listing of the report, authors, and links where the published reports can be accessed on the SEI website.