Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets.
Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from less than 100 employees to over 10,000.
When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user education is vital and can lead to faster discovery of attacks through increased reporting of phishing attempts, it's important to understand the limits of user education when trying to reduce phishing risks.
In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia).
In my previous blog post, I began to update sabotage statistics provided in 2010. In this second post, I explore how organizations can begin to protect themselves from IT sabotage by learning to identify and appropriately respond to its precursors. The CERT Insider Threat Incident Corpus contains 153 incidents of sabotage.
IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business.
In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk.
In parts one and two of this series, I analyzed the gender and organizational roles of malicious insiders. In this third part of the series, I analyze the CERT Insider Threat Incident Corpus for insights into the salaries of the insiders who committed the incidents.