search menu icon-carat-right cmu-wordmark

Posts by Daniel Costa

Improving Insider Threat Detection Methods Through Software Engineering Principles

Improving Insider Threat Detection Methods Through Software Engineering Principles

• Blog
Daniel Costa

Tuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with. Our work helping organizations with their insider threat programs has revealed common challenges with any tool that generates alerts of potential insider risk, such as user activity monitoring (UAM), security information event management (SIEM), or user and entity behavioral analytics (UEBA) tools. In this blog post, we will discuss some of...

Read More
September Is National Insider Threat Awareness Month

September Is National Insider Threat Awareness Month

• Blog
Daniel Costa

September 2019 has been declared National Insider Threat Awareness Month by the National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation, the Office of the Under Secretary of Defense (Intelligence), the Department of Homeland Security, and the Defense Counterintelligence and Security Agency. This blog post outlines the CERT National Insider Threat Center's activities in support of this effort....

Read More
Patterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)

Patterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)

• Blog
Daniel Costa

In previous posts of our series analyzing and summarizing insider incidents across multiple sectors, we presented up-to-date statistics from the CERT National Insider Threat Center (NITC) Incident Corpus and looked closely at which types of insider incidents are prevalent within certain types of organizations. From there, we presented statistics on what types of assets those insider attacks target, the time frames associated with those attacks, and the tactics, techniques, and procedures the insiders used to...

Read More
Announcing Insider Threat Analyst Training from the CERT National Insider Threat Center

Announcing Insider Threat Analyst Training from the CERT National Insider Threat Center

• Blog
Daniel Costa

The CERT National Insider Threat Center (NITC) has recently developed an Insider Threat Analyst Training course. This three-day, instructor-led, classroom-based course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Students learn various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. The course includes instructor lectures and group discussions, as well as hands-on exercises with...

Read More
Machine Learning and Insider Threat

Machine Learning and Insider Threat

• Blog
Daniel Costa

As organizations' critical assets have become digitized and access to information has increased, the nature and severity of threats has changed. Organizations' own personnel--insiders--now have greater ability than ever before to misuse their access to critical organizational assets. Insiders know where critical assets are, what is important, and what is valuable. Their organizations have given them authorized access to these assets and the means to compromise the confidentiality, availability, or integrity of data. As organizations...

Read More

Contact the Author

Daniel Costa

SEI Digital Library

SEI Publications

Visit the SEI Digital Library to see other publications by Daniel Costa

View publications