SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets.

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from less than 100 employees to over 10,000.

In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia).

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business.

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk.