Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Insider Threats in the Federal Government (Part 3 of 9: Insider Threats Across Industry Sectors)

Sarah Miller

The CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus contains over 2,000 incidents, which, as Director Randy Trzeciak writes, acts as the "foundation for our empirical research and analysis." This vast data set shows us that insider incidents impact both the public and private sector, with federal government organizations being no exception. As Carrie Gardner introduced in the previous blog post in this series, federal government organizations fall under the NAICS Codes for...

Classifying Industry Sectors: Our New Approach to an Industry Sector Taxonomy (Part 2 of 9: Insider Threats Across Industry Sectors)

Carrie Gardner

As Randy Trzeciak mentioned in the first blog in this series, we are often asked about the commonalities of insider incidents for a particular sector. These questions invariably begin conversations about which sector-specific best practices and controls are best suited to address the common incident patterns faced by these organizations. To better address this question, we decided to update our model for coding industry sectors, or what classification system we use to organize the organizations...

Is Compliance Compromising Your Information Security Culture?

Jenny Moniz

Individual organizations spend millions per year complying with information security mandates, which tend to be either too general or too specific. However, organizations focusing solely on compliance miss the opportunity to strengthen their information security culture. This blog post will explain the benefits of information security culture and demonstrate how compliance with information security mandates may prevent organizations from achieving their full information security culture potential....

Insider Threat Incident Analysis by Sector (Part 1 of 9)

Randy Trzeciak

Hello, I am Randy Trzeciak, Director of the CERT National Insider Threat Center (NITC). I would like to welcome you to the NITC blog series on insider threat incidents within various sectors. In this first post, I (1) describe the purpose of the series and highlight what you can expect to see during the series, and (2) review the NITC insider threat corpus, which is the foundation for our empirical research and analysis. Join us...

How CERT-RMM and NIST Security Controls Help Protect Data Privacy and Enable GDPR Compliance, Part 1: Identifying Personally Identifiable Information

Anne Connell

The costs of the steady stream of data breaches and attacks on sensitive and confidential data continue to rise. Organizations are responding by making data protection a critical component of their leadership and governance strategies. The European Union's recent General Data Protection Regulation (GDPR) adds layers of complexity to protecting the data of individuals in the EU and European Economic Area. Organizations are struggling to understand GDPR's requirements, much less become compliant. In this series...

Challenges Facing Insider Threat Programs and Hub Analysts: Part 2 of 2

Jason W. Clark

In the first post in this two-part series, we covered five unique challenges that impact insider threat programs and hub analysts. The challenges included lack of adequate training, competing interests, acquiring data, analyzing data, and handling false positives. As you read the new challenges introduced in this post, ask yourself the same questions: 1) How many of these challenges are ones you are facing today? 2) Are there challenges in this list that lead to...

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Jason Fricke

This post was also authored by Andrew Hoover. In Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service, we talked about the importance of identifying and prioritizing critical or high-value services and the assets and data that support them. In this post, we'll introduce our approach for reviewing the security of the architecture of information systems that deliver or support these services. We'll also describe our review's first areas of focus: System Boundary and Boundary...

Challenges Facing Insider Threat Programs and Hub Analysts: Part 1 of 2

Jason W. Clark

The purpose of this two-part blog series is to discuss five challenges that often plague insider threat programs and more specifically the analysts that are working in insider threat hubs. I am in a unique position to discuss this area because I have many years of experience working directly with operational insider threat programs of varying maturity levels. Thus I have a front-row vantage point to understand the challenges that analysts face on a daily...
