SEI Insights

Category: Insider Threat

 Insider Threat Deep Dive on IT Sabotage: Lessons for Organizations (Part 2 of 2)

In my previous blog post, I began to update sabotage statistics provided in 2010. In this second post, I explore how organizations can begin to protect themselves from IT sabotage by learning to identify and appropriately respond to its precursors....

 Modeling and Simulation in Insider Threat

A 2016 study on cybersecurity and digital trust found that 69 percent of organizations surveyed experienced an attempted or successful theft or corruption of data by insiders in the last 12 months. Despite the impact of insider threat--and continued mandates...

 Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of...

 Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact...

 Malicious Insiders in the Workplace Series: What Do Malicious Insiders Get Paid? (Part 3 of 4)

In parts one and two of this series, I analyzed the gender and organizational roles of malicious insiders. In this third part of the series, I analyze the CERT Insider Threat Incident Corpus for insights into the salaries of the...

 Malicious Insiders in the Workplace Series: What Positions Do Malicious Insiders Hold? (Part 2 of 4)

In the first part of this series, we analyzed the gender of malicious insiders as it relates to the categories of insider threat incidents. In this post, understanding the roles that insiders play within their victim organizations further contextualizes the...

 Building an Insider Threat Program: Some Low-Cost Tools (Part 2 of 2)

This is the second part of a two-part series about considering low-cost tools for starting your insider threat program. In the first part of this series, I discussed the five categories of tools available to insider threat programs to use,...

 Building an Insider Threat Program: Five Important Categories of Tools (Part 1 of 2)

This is the first part of a two-part series that explores open source, free, or low-cost solutions to help you get the technical portion of your insider threat program started. As defined by opensource.com, open source software is "software with...

 Malicious Insiders in the Workplace Series: How Does an Insider's Gender Relate to the Type of Incident? (Part 1 of 4)

Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data set. However, despite these malicious insiders using technical means to...

 Responding to New Federal Requirements for Contractors

On May 18, 2016, the DOD published Change 2 to DoD 5220.22-M, "National Industrial Security Operating Manual (NISPOM)," which requires contractors to establish and maintain an insider threat program to detect, deter, and mitigate insider threats. The intent of this...

 The Frequency and Impact of Insider Collusion

Collusion among malicious insiders can produce a larger attack surface in terms of access to organizational assets. In theory, multiple actors could perform reconnaissance from within the "need-to-know" aspect of their job responsibilities to commit fraud or theft of intellectual...

 Mitigating Insider Incidents with Threat Indicator Standardization

Effective cross-department collaboration usually requires a common standard language for communication. Until recently, the insider threat community has suffered from a lack of standardization when expressing potential insider threat risk indicators. The CERT Division's research into insider threat detection, prevention,...

 Handling Threats from Disgruntled Employees

Disgruntled employees can be a significant risk to any organization because they can have administrative privileges and access to systems that are necessary for the daily operation of the organization. These disgruntled employees can be identified and monitored, but without...

 InTP Series: Conclusion and Resources (Part 18 of 18)

The intent of this blog series was to describe a framework that you could use as you build an insider threat program (InTP) in your organization. We hope you found it a useful resource and recommend that you refer back...

 InTP Series: Implementation Planning (Part 17 of 18)

Implementation plans are an essential component of developing an Insider Threat Program (InTP). It is important to look at the development of an implementation plan from a strategic long-term perspective. Hello, this is Tracy Cassidy, Insider Threat Researcher at the...

 InTP Series: The Insider Threat Framework (Part 16 of 18)

The single most important aspect of developing a successful insider threat program (InTP) framework is a clear vision. Therefore, it is imperative that you define your vision in a concept of operations document or charter. Hi, this is Jason W....

  InTP Series: Protection of Employee Civil Liberties and Privacy Rights (Part 15 of 18)

The news today is buzzing with discussions regarding civil liberties and privacy rights. Insider threat program (InTP) development deals directly with these issues, specifically the protection of employees. It is essential that management familiarize itself with existing mandates, statutes,...

  InTP Series: Policies, Procedures, and Practices (Part 14 of 18)

An InTP requires two sets of policies, procedures, and practices: one set describing the operation and components of the program and the other set describing insider threat program (InTP) activities. Hi, I'm Cindy Nesta of the CERT Insider Threat Center....

  InTP Series: Communicating Insider Threat Events (Part 13 of 18)

When building your organization's Insider Threat Program (InTP), be sure to clearly identify defined processes for communicating insider threat events and incidents. It is important to ensure that all affected parties are made aware of the situation. As we all...

  InTP Series: Incident Response Planning (Part 12 of 18)

Your incident response plan should cover the entire incident lifecycle, including processes for how incidents are detected, reported, contained, remediated, documented, and prosecuted (if applicable). Hello, this is Mark Zajicek at the CERT Insider Threat Center. In this week's blog...