Posts by Andrew Moore

Model-Based Analysis of Agile Development Practices

Andrew Moore

Bill Nichols, Bill Novak, and David Zubrow helped to write this blog post. Applications of Agile development practices in government are providing experience that decision makers can use to improve policy, procedure, and practice. Behavioral modeling and simulation (BModSim) techniques (such as agent-based modeling, computational game theory, and System Dynamics) provide a way to construct valid, coherent, and executable characterizations of Agile software development. These techniques can help answer key questions about Agile concepts and...

Enterprise-Wide Risk Assessments (Part 6 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Andrew Moore

The sixth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 6: Consider threats from insiders and business partners in enterprise-wide risk assessments. In this post, I discuss the importance of developing a comprehensive, risk-based security strategy to prevent, detect, and respond to insider threats, including those caused by business partners that are given authorized access....

Three Practice Areas for Using Positive Incentives to Reduce Insider Threat

Andrew Moore

In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In contrast, this blog post highlights results from...

Modeling and Simulation in Insider Threat

Andrew Moore

A 2016 study on cybersecurity and digital trust found that 69 percent of organizations surveyed experienced an attempted or successful theft or corruption of data by insiders in the last 12 months. Despite the impact of insider threat--and continued mandates that government agencies and their contractors put insider threat programs in place--a number of organizations still have not implemented them. Moreover, the programs that have been implemented often have serious deficiencies. One impediment to organizations...

Designing Insider Threat Programs

Andrew Moore

Insider threat is the threat to an organization's critical assets posed by trusted individuals - including employees, contractors, and business partners - authorized to use the organization's information technology systems. Insider threat programs within an organization help to manage the risks due to these threats through specific prevention, detection, and response practices and technologies. The National Industrial Security Program Operating Manual (NISPOM), which provides baseline standards for the protection of classified information, is considering proposed changes...

Effectiveness of a Pattern for Preventing Theft by Insiders

Andrew Moore

Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims' organizations, and convicted felons. Among the more than 700 insider threat cases that we've documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused...

Protecting Against Insider Threats with Enterprise Architecture Patterns

Andrew Moore

The 2011 CyberSecurity Watch survey revealed that 27 percent of cybersecurity attacks against organizations were caused by disgruntled, greedy, or subversive insiders, employees, or contractors with access to that organization's network systems or data. Of the 607 survey respondents, 43 percent view insider threat attacks as more costly and cited not only a financial loss but also damage to reputation, critical system disruption, and loss of confidential or proprietary information. For the Department of Defense...
