Posts by Robert M. Ditmore

Functional Requirements for Insider Threat Tool Testing

• Blog
Robert M. Ditmore

Derrick Spooner co-authored this post. Because of the scope and scale of the insider threat, the SEI recommends that organizations adopt a use-case-based approach to insider risk mitigation. In such an approach, organizations iteratively deploy capabilities to prevent, detect, and respond to the greatest threats to their most critical assets. However, the tools modern insider threat programs rely on to collect and analyze data do not adapt themselves to the organization or its changing insider...

High-Level Technique for Insider Threat Program's Data Source Selection

• Blog
Robert M. Ditmore

This blog discusses an approach that the CERT Division's National Insider Threat Center developed to help insider threat programs develop, validate, implement, and share potential insider threat risk indicators (PRIs). The motivation behind our approach is to provide a broad, tool-agnostic framework to promote sharing indicator details. You might share these details among your insider threat team personnel and other key stakeholders, such as Human Resources, Legal, and Information Technology, before the direct dive into...

Moving Personal Data at Work

• Blog
Robert M. Ditmore

Many organizations allow limited personal use of organizational equipment. To move personal data to or from the organization's devices and network, employees typically use email, removable media, or cloud storage--the same channels a malicious insider would use for data exfiltration. This post explores a new way, based on cross-domain solutions, for employees to safely transfer personal data between an organization's network and their own systems....
