search menu icon-carat-right cmu-wordmark

Fourth Edition of the Common Sense Guide to Mitigating Insider Threats Is Released

Lori Flynn

Hello, this is Lori Flynn, insider threat researcher for the CERT Program. We are proud to announce the release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats. We are grateful to the U.S. Department of Homeland Security, Federal Network Resilience (FNR) division within the Office of Cybersecurity and Communications, which sponsored updating and augmenting the previous edition released in 2009.The newest edition is based on our significantly expanded database of more than 700 insider threat cases and continued research and analysis, and it covers new technologies and new threats.

The new guide describes 19 practices that organizations should implement across the enterprise to mitigate (i.e., prevent, detect, and respond to) insider threats. It also includes case studies of organizations that failed to do so. Each practice includes features new to this edition, including quick wins and high-impact solutions for small and large organizations, challenges to implementation, and relevant security standards.

This edition also focuses more on six groups within an organization--human resources, legal, physical security, data owners, information technology, and software engineering--and a mapping that indicates which of these groups should be involved in implementing each practice. The appendices contain a revised list of information security best practices, a new mapping of the guide's practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.

Insider threats are influenced by a combination of technical, behavioral, and organizational issues and must be addressed by policies, procedures, and technologies. Accordingly, an organization's staff in management, human resources, legal counsel, physical security, information technology, and information assurance, as well as data owners and software engineers, can all benefit from reading the guide.

Decision makers across the enterprise can use the guide to understand the overall scope of the insider threat problem, communicate it to all organization employees, and ensure effective implementation of recommended best practices.

If you have questions or want to share experiences you've had with insider threats, send email to

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed