Insider Threat
Blog Posts
How to Mitigate Insider Threats by Learning from Past Incidents
This post summarizes a new best practice added to the new 7th edition of the Common Sense Guide to Mitigating Insider Threats, "Learn from Past Insider Threat Incidents."
• By Daniel Costa
In Insider Threat

Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …
• By Emily Kessel, Sarah Miller, Carrie Gardner
In Insider Threat


Benford's Law: Potential Applications for Insider Threat Detection
Detecting anomalous network activity is a powerful way to discover insider threat activities. It is time consuming, however, to establish baseline traffic and process traffic data. This blog post explores …
• By Emily Kessel
In Insider Threat

Insider Threat Incidents: Assets Targeted by Malicious Insiders
As part of the CERT National Insider Threat Center's ongoing efforts to refine and improve our Incident Corpus, and to provide more data to the community, we have updated our …
• By Sarah Miller
In Insider Threat

Highlights from the 7th Annual National Insider Threat Center (NITC) Symposium, Day One
This year's seventh annual National Insider Threat Symposium, "From Mitigating Insider Threats to Managing Insider Risk," focuses on proactive approaches to reducing the impact and likelihood of insider incidents within …
• By Daniel Costa, Sarah Miller
In Insider Threat


Insider Threat Incidents: Communication Channels
The CERT National Insider Threat Center collects, categorizes, and analyzes technical insider incidents--those in which the insider used technology--to monitor the evolving insider threat landscape. In this post, we categorize …
• By Sarah Miller, Alex Pickering
In Insider Threat


Insider Threat Incidents: Most Commonly Affected Devices
At the CERT National Insider Threat Center, we collect, analyze, and categorize insider incidents to populate our CERT Insider Threat Incident Corpus and monitor the evolving insider threat landscape. We …
• By Sarah Miller, Alex Pickering
In Insider Threat


Organizational Resilience to Insider Threats
In this blog post, we will discuss the relationship between resilience and insider threat, discuss how to make organizations operationally resilient to insider threats, present strategies for making your insider …
• By Daniel Costa
In Insider Threat

Functional Requirements for Insider Threat Tool Testing
Because of the scope and scale of the insider threat, the SEI recommends that organizations adopt a use-case-based approach to insider risk mitigation....
• By Robert M. Ditmore, Derrick Spooner
In Insider Threat


Maturing Your Insider Threat Program into an Insider Risk Management Program
Having trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders?...
• By Daniel Costa
In Insider Threat
