search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Michaela Webster

This blog post was co-authored by Carrie Gardner. As Carrie Gardner wrote in the second blog post in this series, which introduced the Industry Sector Taxonomy, information technology (IT) organizations fall in the NAICS Code category professional, scientific, and technology. IT organizations develop products and perform services advancing the state of the art in technology applications. In many cases, these services directly impact the supply chain since many organizations rely on products and services from...

Read More
Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Sarah Miller

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across multiple sectors, we discussed some of the mandates and requirements associated with federal government insider threat programs as well as documented insider threat incidents. In this post, we will discuss information security regulations and insider threat metrics based on Finance and Insurance incidents from our CERT National Insider Threat Center (NITC) Incident Corpus....

Read More
Scoping IT & OT Together When Assessing an Organization's Resilience

Scoping IT & OT Together When Assessing an Organization's Resilience

• Insider Threat Blog
Alexander Petrilli

The SEI engages with many organizations of various sizes and industries about their resilience. Those responsible for their organization's cybersecurity often tell us that their information technology (IT) and operational technology (OT) are too different to be assessed together. However, not accounting for both technologies could have serious implications to an organization's resilience. In this post I'll say why, and I'll describe the technology-agnostic tools the SEI uses to scope both IT and OT in...

Read More
Performing Text Analytics for Insider Threat Programs: Part 3 of 3

Performing Text Analytics for Insider Threat Programs: Part 3 of 3

• Insider Threat Blog
Carrie Gardner

This blog series reviews topics in performing text analytics to support insider threat mitigation. This post presents a procedural framework for operationalizing this capability. It walks through the process of considering text analytics capability through putting it into practice. The blog also enumerates thought questions about whether to acquire a commercial textual analysis solution, repurpose an existing tool, or develop an in-house capability....

Read More
Insider Threats in the Federal Government (Part 3 of 9: Insider Threats Across Industry Sectors)

Insider Threats in the Federal Government (Part 3 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Sarah Miller

The CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus contains over 2,000 incidents, which, as Director Randy Trzeciak writes, acts as the "foundation for our empirical research and analysis." This vast data set shows us that insider incidents impact both the public and private sector, with federal government organizations being no exception. As Carrie Gardner introduced in the previous blog post in this series, federal government organizations fall under the NAICS Codes for...

Read More
Classifying Industry Sectors: Our New Approach to an Industry Sector Taxonomy (Part 2 of 9: Insider Threats Across Industry Sectors)

Classifying Industry Sectors: Our New Approach to an Industry Sector Taxonomy (Part 2 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Carrie Gardner

As Randy Trzeciak mentioned in the first blog in this series, we are often asked about the commonalities of insider incidents for a particular sector. These questions invariably begin conversations about which sector-specific best practices and controls are best suited to address the common incident patterns faced by these organizations. To better address this question, we decided to update our model for coding industry sectors1, or what classification system we use to organize the organizations...

Read More
Is Compliance Compromising Your Information Security Culture?

Is Compliance Compromising Your Information Security Culture?

• Insider Threat Blog
Jenny Moniz

Individual organizations spend millions per year complying with information security mandates, which tend to be either too general or too specific. However, organizations focusing solely on compliance miss the opportunity to strengthen their information security culture. This blog post will explain the benefits of information security culture and demonstrate how compliance with information security mandates may prevent organizations from achieving their full information security culture potential....

Read More