
Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Wrap Up of CERT Best Practices to Mitigate Insider Threats Series

Randy Trzeciak

We hope you enjoyed our 20-part blog series describing the best practices included in the Common Sense Guide to Mitigating Insider Threats published by the CERT Insider Threat Center. Our goal for the series was to highlight each best practice and provide a few quick wins for you to consider as you attempt to identify and mitigate insider threats in your organization....

Employee Termination Procedure (Part 20 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Jason W. Clark

The 20th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 20: Develop a comprehensive employee termination procedure. In this post, I discuss the importance of establishing a termination procedure that is consistently communicated and applied across the enterprise....

Institutionalizing System Change Controls (Part 17 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Michael C. Hansell

The 17th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 17: Institutionalize System Change Controls. Organizations must change their systems and applications in a consistent, formalized manner. Controls must be put into place to ensure that assets, digital or otherwise, are protected from manipulations by an insider. In this post, I discuss case studies involving change control and describe how to build a roadmap...

Cloud Service Agreements (Part 16 of 20: CERT Best Practices to Mitigate Insider Threats Series)

Jean Marie Handy

The 16th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 16: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities. In this post, I discuss the importance of including provisions for data access control and monitoring in agreements with cloud service providers....
