Hello, this is George J. Silowash, Cybersecurity Threat and Incident Analyst for the CERT Program, with the first of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. In the coming weeks, my colleagues and I in the CERT Insider Threat Center will, in a series of blog posts, introduce this edition of the guide by presenting each recommended practice in a blog post.
The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. This new edition of the guide is based on our significantly expanded database of more than 700 insider threat cases and continued research and analysis; it covers new technologies and new threats. The guide describes 19 best practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The first of the 19 practices follows.
Hi, this is George Silowash of the CERT Insider Threat Center. I am happy to announce the release of the Common Sense Guide to Mitigating Insider Threats, 4th Edition. This edition introduces four new best practices for preventing and detecting insider threats and a number of new features.
Hello, this is Lori Flynn, insider threat researcher for the CERT Program. We are proud to announce the release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats. We are grateful to the U.S. Department of Homeland Security, Federal Network Resilience (FNR) division within the Office of Cybersecurity and Communications, which sponsored updating and augmenting the previous edition released in 2009.The newest edition is based on our significantly expanded database of more than 700 insider threat cases and continued research and analysis, and it covers new technologies and new threats.
Hello, this is Matt Collins, a graduate assistant at the CERT Insider Threat Center. While the center's research has found that insider threats impact all industry sectors, this post narrows the focus to insider threats in the state and local government sectors.
Hello, this is Todd Lewellen of the CERT Insider Threat Center. We are excited to announce that a revised version of our Spotlight On: Insider Threat from Trusted Business Partners article has been released. It has been almost three years since the first version of this article was published. During that time, our collection of insider threat case data has grown significantly. Specifically, we have collected 30 additional cases involving trusted business partners (TBPs) alone, which increased our sample population from 45 to 75 cases. Some of these case examples have been included in the new revision of the article.
Hi, this is Dan Klinedinst of the CERT Enterprise Threat and Vulnerability Management team. Recently we've been looking to extend the methodologies from our insider threat research to other sorts of threats. Personally, I'm interested in applying well-known analysis techniques to security data in an automated fashion. The goal is to identify classes of threats and watch how they evolve over time. This analysis will allow organizations to adjust their defenses and resources based on the type of threat they face and the risk it poses to their business or mission.
Hi, this is Bill Claycomb and Alex Nicoll with the final installment of a series on cloud-related insider threats. In this post, we present our conclusion on the current state of cloud-related insider threats and our vision for the future.
Hi, this is Dawn Cappelli, Director of the CERT Insider Threat Center. Last week I had the pleasure of participating in The Insider Threat Awareness Virtual Roundtable webinar, which was sponsored by the DHS Office of Infrastructure Protection. The webinar was moderated by Jon Richeson from DHS, and I was joined by the Supervisory Special Agent from the Insider Threat Investigations Unit of the FBI.