search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Moving Personal Data at Work

Moving Personal Data at Work

• Insider Threat Blog
Robert M. Ditmore

Many organizations allow limited personal use of organizational equipment. To move personal data to or from the organization's devices and network, employees typically use email, removable media, or cloud storage--the same channels a malicious insider would use for data exfiltration. This post explores a new way, based on cross-domain solutions, for employees to safely transfer personal data between an organization's network and their own systems....

Read More
Introducing Atlas: A Prototype for Visualizing the Internet

Introducing Atlas: A Prototype for Visualizing the Internet

• Insider Threat Blog
Douglas Gardner

After 30 years, cyber command centers, educators, and Internet threat intelligence organizations have yet to embrace a standardized, encompassing, and intuitive way to represent the entities and activities of the Internet. Such a representation would make the Internet more understandable and allow shared situational awareness of Internet events and activities--the much-sought-after "Cyber Common Operational Picture." This post describes Atlas: a working demonstration application for visualizing the Internet....

Read More
Cybersecurity Performance: 8 Indicators

Cybersecurity Performance: 8 Indicators

• Insider Threat Blog
Summer Fowler

Since 1988's Morris Worm, which infected 10% of the estimated 60,000 computers connected to the internet, cybersecurity has grown into an industry expected to exceed $1 trillion in global spending between 2017 and 2021. Cybercrime will cost the global business market an estimated average of $6 trillion annually through the same time frame! So how do we spend just enough money on cybersecurity to be resilient and achieve our business objectives despite disruptive events like...

Read More
CryptoDNS--Should We Worry?

CryptoDNS--Should We Worry?

• Insider Threat Blog
Matthew Mackie

By Matt Mackie When the Internet was still ARPANET, hostnames were converted to numerical addresses using a hosts.txt file stored locally on each computer. This system evolved into today's hierarchical domain name system (DNS). Namecoin is a new--and old--alternative to DNS: it relies on a locally stored file, like the hosts.txt file, but the file is a blockchain, similar to that used in Bitcoin financial transactions. This cryptoDNS offers anonymity, security, and resistance to censorship--features...

Read More
Why Is Measurement So Hard?

Why Is Measurement So Hard?

• Insider Threat Blog
Katie C. Stewart

Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context. Organizations vary in size, mission, risk appetites, and budget for security. There is no "one size fits all" for security metrics....

Read More
CERT NITC Insider Threat Program Manager Certificate

CERT NITC Insider Threat Program Manager Certificate

• Insider Threat Blog
Robin M. Ruefle

Increasingly, organizations, including the federal government and industry, are recognizing the need to counter insider threats and are doing it through specially focused teams. The CERT Division National Insider Threat Center (NITC) offers an Insider Threat Program Manager certificate to help organizations build such teams and supports programs that are flexible, based on best practices, and tailored to the unique circumstances of individual organizations....

Read More
Head in the Clouds

Head in the Clouds

• Insider Threat Blog
Matthew Butkovic

The transition from on-premises information systems to cloud services represents a significant, and sometimes uncomfortable, new way of working for organizations. Establishing meaningful Service Level Agreements (SLAs) and monitoring the security performance of cloud service providers are two significant challenges. This post proposes that a process- and data-driven approach would alleviate these concerns and produce high-quality SLAs that reduce risk and increase transparency....

Read More
7 Considerations for Cyber Risk Management

7 Considerations for Cyber Risk Management

• Insider Threat Blog
David Tobar

Each year brings new cybersecurity threats, breaches, and previously unknown vulnerabilities in established systems. Even with unprecedented vulnerabilities such as Spectre and Meltdown, the approach to dealing with the risks they pose is the same as ever: sound risk management with systematic processes to assess and respond to risks. This post offers seven considerations for cyber risk management....

Read More