search menu icon-carat-right cmu-wordmark

Wrap Up of CERT Best Practices to Mitigate Insider Threats Series


We hope you enjoyed our 20-part blog series describing the best practices included in the Common Sense Guide to Mitigating Insider Threats published by the CERT Insider Threat Center. Our goal for the series was to highlight each best practice and provide a few quick wins for you to consider as you attempt to identify and mitigate insider threats in your organization.

In December 2016, Carnegie Mellon University's CERT Division of the Software Engineering Institute announced the public release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across their enterprises to mitigate (prevent, detect, and respond to) insider threats and provides case studies related to each practice.

This blog series was not meant to be a comprehensive review of each best practice. So, if you want a complete description of these best practices or merely additional information, please download the free guide. The table below summarizes these 20 best practices:

1 - Know and protect your critical assets. 11 - Institute stringent access controls and monitoring policies on privileged users.
2 - Develop a formalized insider threat program. 12 - Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
3 - Clearly document and consistently enforce policies and controls. 13 - Monitor and control remote access from all endpoints, including mobile devices.
4 - Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior. 14 - Establish a baseline of normal behavior for both networks and employees.
5 - Anticipate and manage negative issues in the work environment. 15 - Enforce separation of duties and least privilege.
6 - Consider threats from insiders and business partners in enterprise-wide risk assessments. 16 - Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
7 - Be especially vigilant regarding social media. 17 - Institutionalize system change controls.
8 - Structure management and tasks to minimize unintentional insider stress and mistakes. 18 - Implement secure backup and recovery processes.
9 - Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees. 19 - Close the doors to unauthorized data exfiltration.
10 - Implement strict password and account management policies and practices. 20 - Develop a comprehensive employee termination procedure.

We hope you found value in this blog series and the Common Sense Guide to Mitigating Insider Threats that you can apply to your organization. We want your feedback and suggestions for improving this and other SEI publications. We also want to hear how we can help address your current and future software and cybersecurity challenge problems.

If you have questions; want to share thoughts, ideas, and suggestions for insider threat mitigation; or if you would like to suggest a topic for our future research or future blog posts, please send email to us at

At the CERT Insider Threat Center at Carnegie Mellon's Software Engineering Institute (SEI), we are devoted to combatting cybersecurity issues. Our research has uncovered information that can help you identify potential and realized insider threats in your organization, institute ways to prevent them, and establish processes to deal with them if they do happen. For more information about the CERT Insider Threat Center, see

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed