SEI Insights

Recent Posts

Tightening an organization's cybersecurity can be very complex, and just purchasing a piece of new hardware or software isn't enough. Instead, you might begin by looking at the most common baseline cyber practices that other organizations use in their cybersecurity programs--their cyber hygiene. This post will introduce fundamental cyber hygiene practices for organizations and help you understand the cyber-risk problem space....

As the defense workforce attracts younger staff members, this digital native generation is having an effect. "To accommodate millennial IT workers, so-called 'digital natives,'" wrote Phil Goldstein in a May 2016 FedTech article, "the service branches of the Department of Defense need to square cybersecurity with the attitudes and behaviors of younger employees, according to senior defense IT officials." Digital natives approach technology differently than digital immigrants, which includes those born before the widespread use...

Equifax. Target. The Office of Personnel Management. Each new cyber hack victim has a story that makes the need for cyber risk management more urgent. Any organization hoping to maintain operational resilience during disruption should implement risk management. Unfortunately, that comes with many unknowns: Which risk management framework to use? Is risk management expensive? What's the return on investment? This post will help you guide your organization out of this decision paralysis by introducing the...

Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center--theft of intellectual property, sabotage, fraud, and espionage--continue to hold true. In our work with public and private industry, we continue to...

You've known this blog as the Insider Threat blog, and this will continue to be your go-to source as we share our findings and explore the impact insider threat has on information technology and human resources practices and policies. Our new, expanded content will cover topics across a more broad spectrum that will continue to include insider threat topics as well as others related to how organizations ensure their resilience against disruptive events like cyberattacks....

Blogs

CERT/CC

Timely insights about vulnerabilities, network situational awareness, and research in the security field offered by CERT Division researchers.

DevOps

Technical Guidelines and practical advice for DevOps. Posts cover issues relating to understanding and achieving successful DevOps including cultural shifts, barriers to collaboration, continuous integration, continuous deployment, and automation.

Subscribe

Insider Threat

Advice and best practices for organizations wanting to help better deter, detect, and respond to evolving insider threats.

SATURN

The SEI Architecture Technology User Network’s blog covers topics relating to software architecture and connects the professional network of software, systems, and enterprise architects from around the world, representing industry, academia, and government.

SEI Blog

Ongoing and exploratory research on topics that include secure coding, malware analysis, testing, organizational planning, agile software development, big data, quality assurance, cloud computing, and software sustainment across the lifecycle.

Subscribe