Insider Threat
Blog Posts
Introducing the Insider Incident Data Exchange Standard (IIDES)
Capturing and sharing information about insider incidents is a challenge. This post introduces the Insider Incident Data Exchange Standard (IIDES) schema for insider incident data collection.
Read More•By Austin Whisnant
In Insider Threat
The Top 10 Blog Posts of 2024
This post presents the top 10 most-visited posts of 2024, highlighting our work in software acquisition, artificial intelligence, large language models, secure coding, and more.
Read More•By Bill Scherlis
In Software Engineering Research and Development
A Roadmap for Incorporating Positive Deterrence in Insider Risk Management
Positive deterrence reduces insider risk through workforce practices that promote the mutual interests of employees and their organization.
Read More•By Andrew P. Moore
In Insider Threat
10 Lessons in Security Operations and Incident Management
This post outlines 10 lessons learned from more than three decades of building incident response and security teams throughout the globe.
Read More•By Robin Ruefle
In Insider Threat
CERT Releases 2 Tools to Assess Insider Risk
The average insider risk incident costs organizations more than $600,000. To help organizations assess their insider risk programs, the SEI CERT Division has released two tools available for download.
Read More•By Roger Black
In Insider Threat
The 13 Key Elements of an Insider Threat Program
COVID-19 changed the nature of the workplace. In this evolving climate, organizations need to be increasingly vigilant against insider incidents. In this post, we present the 13 key elements of …
Read More•By Daniel L. Costa, Randall F. Trzeciak
In Insider Threat
How to Mitigate Insider Threats by Learning from Past Incidents
This post summarizes a new best practice added to the new 7th edition of the Common Sense Guide to Mitigating Insider Threats, "Learn from Past Insider Threat Incidents."
Read More•By Daniel L. Costa
In Insider Threat
Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …
Read More•By Emily Kessel, Sarah Miller, Carrie Gardner
In Insider Threat
Benford's Law: Potential Applications for Insider Threat Detection
Learn how a mathematical law may help detect insider activity without the effort of traditional anomaly detection in this informative SEI Blog post
Read More•By Emily Kessel
In Insider Threat
Insider Threat Incidents: Assets Targeted by Malicious Insiders
This SEI Blog post details CERT's new taxonomy for targeted assets in insider threat incidents and highlights their latest findings.
Read More•By Sarah Miller
In Insider Threat