Blog Posts
Separation of Duties and Least Privilege (Part 15 of 20: CERT Best Practices to Mitigate Insider Threats Series)
The 15th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 15: Enforce separation of duties and least privilege. In this …
• By Sarah Miller
In Insider Threat
2016 U.S. State of Cybercrime Highlights
Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. In this blog post, we share some of the findings from …
• By Sarah Miller
In Insider Threat
Insider Threat Deep Dive on IT Sabotage: Lessons for Organizations (Part 2 of 2)
In my previous blog post, I began to update sabotage statistics provided in 2010. In this second post, I explore how organizations can begin to protect themselves from IT sabotage …
• By Sarah Miller
In Insider Threat
Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)
IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use …
• By Sarah Miller
In Insider Threat
Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)
In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is …
• By Sarah Miller
In Insider Threat
Malicious Insiders in the Workplace Series: What Do Malicious Insiders Get Paid? (Part 3 of 4)
In parts one and two of this series, I analyzed the gender and organizational roles of malicious insiders. In this third part of the series, I analyze the CERT Insider …
• By Sarah Miller
In Insider Threat
Malicious Insiders in the Workplace Series: What Positions Do Malicious Insiders Hold? (Part 2 of 4)
In the first part of this series, we analyzed the gender of malicious insiders as it relates to the categories of insider threat incidents. In this post, understanding the roles …
• By Sarah Miller
In Insider Threat
Malicious Insiders in the Workplace Series: How Does an Insider's Gender Relate to the Type of Incident? (Part 1 of 4)
Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data …
• By Sarah Miller
In Insider Threat
The Frequency and Impact of Insider Collusion
Collusion among malicious insiders can produce a larger attack surface in terms of access to organizational assets. In theory, multiple actors could perform reconnaissance from within the "need-to-know" aspect of …
• By Sarah Miller
In Insider Threat
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.