As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. Three of these reports highlight the latest work of SEI technologists on insider threat in international contexts, unintentional insider threats, and attributes and mitigation strategies. The last report provides the results of several exploratory research initiatives conducted by SEI staff in fiscal year 2012. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Best Practices Against Insider Threats in All Nations
By Lori Flynn, Carly L. Huth, Randall F. Trzeciak, and Palma Buttles-Valdez
This technical note summarizes best practices to mitigate insider threats in international contexts, explains their importance, and provides for each an international policy perspective.
Download the PDF

Unintentional Insider Threats: A Foundational Study
By CERT Insider Threat Team
This report examines the problem of unintentional insider threat (UIT) by developing an operational definition of UIT, which is a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and who, through action or inaction without malicious intent, causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems.

The report also reviews relevant research to gain a better understanding of its causes and contributing factors, provides examples of UIT cases and the frequencies of UIT occurrences across several categories, and presents initial thinking on potential mitigation strategies and countermeasures. This research topic has largely been unrecognized, so a major goal of this study is to inform government and industry stakeholders about the problem and its potential causes and to guide investments toward the highest priority research and development requirements for countering UIT.
Download the PDF

Insider Threat Attributes and Mitigation Strategies
By George Silowash
Malicious insiders pose a threat to the confidentiality, integrity, and availability of an organization's information. Many organizations look for hardware and software solutions that address insider threats but are unsure of what characteristics to look for in a product. This technical note presents seven common attributes of insider threat cases, excluding espionage, which were drawn from a database maintained by the insider threat team, which is part of the CERT® Division. The note maps the seven attributes to characteristics insider threat products should possess to detect, prevent, or mitigate the threat. None of these attributes alone can identify a malicious insider; instead each attribute is one of many data points that an organization should consider when implementing an insider threat program.
Download the PDF

Results of SEI Line-Funded Exploratory New Starts Projects: FY 2012
By Bjorn Andersson, Stephany Bellomo, Lisa Brownsword, Yuanfang Cai (Drexel University), Sagar Chaki, William R. Claycomb, Cory Cohen, Julie B. Cohen, Peter H. Feiler, Robert Ferguson, Lori Flynn, David P. Gluch, Dennis R. Goldenson, Arie Gurfinkel, Jeff Havrilla, Chuck Hines, John J. Hudak, Carly L. Huth, Wesley Jin, Rick Kazman, Mary Ann Lapham, James McCurley, John McGregor, David McIntire, Robert Nord, Ipek Ozkaya, Brittany Phillips, Robert W. Stoddard, and David Zubrow
The SEI annually undertakes line-funded exploratory new starts (LENS) projects. These projects serve to (1) support feasibility studies investigating whether further work by the SEI would be of potential benefit and (2) support further exploratory work to determine whether there is sufficient value in eventually funding the feasibility study work as an SEI initiative. Projects are chosen based on their potential to mature and/or transition software engineering practices, develop information that will help in deciding whether further work is worth funding, and set new directions for SEI work. This report describes the LENS projects that were conducted during fiscal year 2012 (October 2011 through September 2012).We have highlighted previously in the SEI Blog, including posts by

• Bjorn Andersson, who wrote about Real-Time Scheduling on Heterogeneous Multicore Processors
• Lisa Brownsword, who wrote about Aligning Acquisition Strategy and Software Architecture with Stakeholder Needs
• Sagar Chaki, who wrote about Semantic Comparison of Malware Functions
• William Claycomb, who wrote about Enabling and Measuring Early Detection of Insider Threats
• Cory Cohen, who wrote about Semantic Code Analysis for Malware Code Deobfuscation
• Arie Gurfinkel, who wrote about Regression Verification of Real-Time Embedded Software
• Rick Kazman, who wrote about Measuring the Impact of Explicit Architecture Documentation
• Dave Zubrow, who wrote about Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE)

Download the PDF

Additional Resources

For the latest SEI technical reports and papers, please visit https://resources.sei.cmu.edu/library/