Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

The CERT Insider Threat Center has been busy this spring.

• Insider Threat Blog
CERT Insider Threat Center

The CERT Insider Threat Center has been busy this spring developing publications, presenting podcasts, and attending conferences to extend the knowledge and research we've collected into the public domain. This blog post contains a few highlights of recent accomplishments and a sneak peek of what we're planning for the future....

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

• Insider Threat Blog
CERT Insider Threat Center

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) has recently been published by Addison-Wesley Professional. The book is available for purchase at Addison-Wesley's InformIT website at http://www.informit.com/store/product.aspx?isbn=9780321812575....

Insiders and Organized Crime

• Insider Threat Blog
CERT Insider Threat Center

The term organized crime brings up images of mafia dons, dimly lit rooms, and bank heists. The reality today is more nuanced, especially as organized crime groups have moved their activities online. The CERT Insider Threat Center recently released a publication titled Spotlight On: Malicious Insiders and Organized Crime Activity. This article focuses on a cross-section of CERT's insider threat data: incidents consisting of 2 or more individuals involved in a crime. What we found...

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage

• Insider Threat Blog
CERT Insider Threat Center

The Insider Threat Center at CERT recently released a new insider threat control that is specifically designed to detect the presence of a malicious insider based on key indicators of Information Technology (IT) sabotage activity. This blog post provides an overview of the control and the rationale behind its development. For more details on the development of the control and the statistical analysis applied in this signature, please refer to the technical report:...

Preparing for Negative Workplace Events - Managing Employee Expectations

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, technical team lead for the Insider Threat Research Team at the CERT Insider Threat Center. This blog post is intended to serve as a reminder to organizations about the impact that an organization's actions can have on employees. Additionally, I want you to ask yourself the following question: what are you doing to manage employee expectations during negative workplace events?...

Insider Threat Controls

• Insider Threat Blog
CERT Insider Threat Center

The mission of the CERT Insider Threat Lab, sponsored by the Department of Homeland Security Federal Network Security Branch, is to create new technical controls and standards based on our research, as well as to determine lessons learned from our hands-on work doing assessments, workshops, and working with technical security practitioners....

Data Exfiltration and Output Devices - An Overlooked Threat

• Insider Threat Blog
CERT Insider Threat Center

Hi, this is George Silowash, and recently I had the opportunity to review our insider threat database looking for a different type of insider threat to the enterprise... paper. Yes, paper. In particular, printouts and devices that allow for extraction of digital information to paper or the management of paper documents. This area is often overlooked in enterprise risk assessments, and I thought I would share some information regarding this type of attack....

The CERT Insider Threat Database

• Insider Threat Blog
CERT Insider Threat Center

Hi, this is Randy Trzeciak, technical team lead for the Insider Threat Outreach & Transition group at the Insider Threat Center at CERT. Since 2001, our team has been collecting information about malicious insider activity within U.S. organizations. In each of the incidents we have collected, the insider was found guilty in a U.S. court of law....
