search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Patterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)

Patterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Daniel Costa

In previous posts of our series analyzing and summarizing insider incidents across multiple sectors, we presented up-to-date statistics from the CERT National Insider Threat Center (NITC) Incident Corpus and looked closely at which types of insider incidents are prevalent within certain types of organizations. From there, we presented statistics on what types of assets those insider attacks target, the time frames associated with those attacks, and the tactics, techniques, and procedures the insiders used to...

Read More
Cybersecurity Governance, Part 1: 5 Fundamental Challenges

Cybersecurity Governance, Part 1: 5 Fundamental Challenges

• Insider Threat Blog
Seth Swinton

This post was co-authored by Stephanie Hedges. Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. This blog post examines five fundamental challenges of cybersecurity governance that, while not exhaustive, are essential to establishing and maintaining an effective cybersecurity governance program....

Read More
Keeping an Eye Out for Positive Risk

Keeping an Eye Out for Positive Risk

• Insider Threat Blog
Mary Beth Chrissis

We commonly think about risks having negative consequences. With each month bringing new cybersecurity threats, breaches, and vulnerabilities, sound risk management practices are necessary to protect your organization. However, when performing risk management, do organizations unnecessarily limit themselves by only thinking about risks as negative effects and not looking at positive effects, too?...

Read More
High-Level Technique for Insider Threat Program's Data Source Selection

High-Level Technique for Insider Threat Program's Data Source Selection

• Insider Threat Blog
Robert M. Ditmore

This blog discusses an approach that the CERT Division's National Insider Threat Center developed to assist insider threat programs develop, validate, implement, and share potential insider threat risk indicators (PRIs). The motivation behind our approach is to provide a broad, tool-agnostic framework to promote sharing indicator details. You might share these details among your insider threat team personnel and other key stakeholders, such as Human Resources, Legal, and Information Technology, before the direct dive into...

Read More
Windows Event Logging for Insider Threat Detection

Windows Event Logging for Insider Threat Detection

• Insider Threat Blog
Derrick Spooner

In this post, I continue my discussion on potential low-cost solutions to mitigate insider threats for smaller organizations or new insider threat programs. I describe a few simple insider threat use cases that may have been detected using Windows Event logging, and I suggest a low-effort solution for collecting and aggregating logs from Windows hosts....

Read More
The CERT Division's National Insider Threat Center (NITC) Symposium

The CERT Division's National Insider Threat Center (NITC) Symposium

• Insider Threat Blog
Randy Trzeciak

Addressing the Challenges of Maturing an Insider Threat (Risk) Program On May 10, 2019, the Software Engineering Institute's National Insider Threat Center (NITC) will host the 6th Annual Insider Threat Symposium, with this year's theme, "Maturing Your Insider Threat (Risk) Program." The purpose of the symposium is to bring together practitioners on the front lines of insider threat mitigation to discuss the challenges and successes of maturing their insider threat (risk) programs. You will have...

Read More
A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

• Insider Threat Blog
Michael C. Theis

(Or..."How This One Weird Thing Can Take Your Program to the Next Level!") The CERT National Insider Threat Center (NITC) continues to transition its insider threat research to the public through its publications of the Common Sense Guide to Mitigating Insider Threats (CSG), blog posts, and other research papers. We recently released an updated version of the CSG: the Common Sense Guide to Mitigating Insider Threats, Sixth Edition. In this post, I'll highlight the new...

Read More
Are You Providing Cybersecurity Awareness, Training, or Education?

Are You Providing Cybersecurity Awareness, Training, or Education?

• Insider Threat Blog
Mike Petock

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate the problem. As a cybersecurity trainer with 17+ years of experience and a degree in education, I understand that developing a good presentation is a challenge in any domain. Fortunately for cybersecurity professionals, the National Institute of Standards and Technology (NIST) can help you choose...

Read More