Software Engineering Institute | Carnegie Mellon University

SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Each year brings new cybersecurity threats, breaches, and previously unknown vulnerabilities in established systems. Even with unprecedented vulnerabilities such as Spectre and Meltdown, the approach to dealing with the risks they pose is the same as ever: sound risk management with systematic processes to assess and respond to risks. This post offers seven considerations for cyber risk management.

The CERT National Insider Threat Center (NITC) has been researching insider threats since 2001. In this blog post, we provide an overview of the CERT Insider Threat Vulnerability Assessment methodology, the CERT Insider Threat Vulnerability Assessor (ITVA) Training course, and the CERT Insider Threat Vulnerability Assessor Certificate program.

There are many reasons for an organization to perform a penetration test of its information systems: to meet compliance standards, test a security team's capabilities, or determine the effectiveness of controls, to name a few. A badly scoped or poorly executed penetration test might do nothing more than validate known vulnerabilities, easily identified by software, or reiterate the efficacy of social engineering. However, with some preparation and engagement on the part of the consumer, a penetration test can provide real value to an organization's overall cybersecurity posture. Read on to learn how.

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a U.S. State of Cybercrime report [1]. These reports are based on surveys of more than 500 organizations across the country, ranging in size from fewer than 500 employees to more than 10,000. Each organization self-reports on information security issues that have impacted them in the past calendar year. The 2017 report covers activity that occurred in 2016. In this blog post, we share some of the findings from the upcoming report as they relate to insider threats.

The National Insider Threat Center (NITC) at the CERT Division of the SEI is developing an Insider Threat Program Evaluator (ITPE) Training course based on the methods and techniques the NITC currently uses to conduct Insider Threat Program Evaluations. This three-day, instructor-led, classroom-based, certificate training program presents strategies for measuring and evaluating an operational insider threat program within an organization. The first course will be offered in March 2018.

The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the challenges of dealing with the IoT and some approaches that organizations can use to reduce their risk as they adopt more IoT technologies.

This post is also authored by Michael Rattigan and Robert A. Vrtis.

In 2013 the White House directed the nation's critical infrastructure sectors to improve their cybersecurity. The financial sector responded by publishing the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (CAT)--an extensive, thorough method for determining an institution's cyber posture and reporting compliance to regulators, keyed to the National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF). A lightweight, voluntary, no-cost tool predates them both: the Cyber Resilience Review (CRR). To increase the CRR's value to the financial sector, we mapped it to the statements from the FFIEC CAT. This post explains the mapping, as well as why financial institutions should add the CRR as a first step in their cybersecurity improvement program.

The CERT National Insider Threat Center (NITC) has recently developed an Insider Threat Analyst Training course. This three-day, instructor-led, classroom-based course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Students learn various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. The course includes instructor lectures and group discussions, as well as hands-on exercises with data to identify potential insider activity.