Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

CERT Definition of 'Insider Threat' - Updated

• Insider Threat Blog
Daniel Costa

Insider Threat - the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization....

Moving Beyond Resilience to Prosilience

• Insider Threat Blog
Summer Fowler

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets....

2016 U.S. State of Cybercrime Highlights

• Insider Threat Blog
Sarah Miller

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from less than 100 employees to over 10,000....

Defending Against Phishing

• Insider Threat Blog
Michael J. Albrethsen

When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user education is vital and can lead to faster discovery of attacks through increased reporting of phishing attempts, it's important to understand the limits of user education when trying to reduce phishing risks....

Sentiment Analysis in the Context of Insider Threat

• Insider Threat Blog
Jason W. Clark

In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia)....

Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)

• Insider Threat Blog
Sarah Miller

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business....

Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)

• Insider Threat Blog
Sarah Miller

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk....
