Software Engineering Institute | Carnegie Mellon University

SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Effective cross-department collaboration usually requires a common standard language for communication. Until recently, the insider threat community has suffered from a lack of standardization when expressing potential insider threat risk indicators. The CERT Division's research into insider threat detection, prevention, and mitigation methods steered the design process for a newly proposed ontology for communicating insider threat indicators. Such an ontology allows organizations to share threat detection intelligence. In this post, I briefly describe our recently released report, An Insider Threat Indicator Ontology.

Disgruntled employees can be a significant risk to any organization because they can have administrative privileges and access to systems that are necessary for the daily operation of the organization. These disgruntled employees can be identified and monitored, but without knowing what types of outcomes disgruntled insiders might accomplish, monitoring can become strenuous and overbearing.

Hi, I'm Richard Bavis, Insider Threat Graduate Intern at the CERT Insider Threat Center. In this blog post, I will discuss the top three outcomes of an attack conducted by a disgruntled insider to provide you with better insight into situations that could lead to an attack. By looking at these situations and outcomes, you and your organization will be able to better handle the possible threats of a disgruntled employee.

The intent of this blog series was to describe a framework that you could use as you build an insider threat program (InTP) in your organization. We hope you found it a useful resource and recommend that you refer back to it as you progress through the Initiation, Planning, Operations, Reporting, and Maintenance phases of building your InTP.

Hi, this is Randy Trzeciak, Technical Manager of the CERT Insider Threat Center in the CERT Division of the Software Engineering Institute. It is my privilege to write this final installment of the InTP blog series.

Implementation plans are an essential component of developing an Insider Threat Program (InTP). It is important to look at the development of an implementation plan from a strategic long-term perspective.

Hello, this is Tracy Cassidy, Insider Threat Researcher at the CERT Insider Threat Center. In this next-to-the-last blog post in our insider threat blog series, I'll provide an outline for developing an implementation plan.

The single most important aspect of developing a successful insider threat program (InTP) framework is a clear vision. Therefore, it is imperative that you define your vision in a concept of operations document or charter.

Hi, this is Jason W. Clark, Ph.D, an insider threat researcher with the CERT Insider Threat Center. In this blog post, I will briefly describe and define an InTP framework document.

The news today is buzzing with discussions regarding civil liberties and privacy rights. Insider threat program (InTP) development deals directly with these issues, specifically the protection of employees. It is essential that management to familiarize itself with existing mandates, statutes, laws, and directives that are related to InTP implementation.

Hi, my name is Tracy Cassidy. I am an Insider Threat Researcher at the CERT Insider Threat Center. In this, the 15th of 18 posts in our blog series on establishing an InTP, I'll discuss some issues that are relevant to the protection of employee civil liberties and privacy rights.

An InTP requires two sets of policies, procedures, and practices: one set describing the operation and components of the program and the other set describing insider threat program (InTP) activities.

Hi, I'm Cindy Nesta of the CERT Insider Threat Center. In this 14th installment of the InTP Blog Series, I will provide you with a clear explanation of the policies, procedures, and practices that an InTP requires.

When building your organization's Insider Threat Program (InTP), be sure to clearly identify defined processes for communicating insider threat events and incidents. It is important to ensure that all affected parties are made aware of the situation. As we all know, clear, concise, detailed, and documented communication is valuable.

Hi, I'm Cindy Nesta of the CERT Insider Threat Team. In this 13th installment of the InTP Series, I will touch on several things, including the components of a communication plan, a communication strategy, and raising the overall awareness of InTP activities.