We at the CERT Insider Threat Center are proud to announce the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats (CSG). This edition of our best practice guide is based on our significantly expanded corpus of more than 1,000 insider threat incidents and our continued research and analysis. This edition covers new technologies and new threats.
Insider Threat - the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.
Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets.
Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from less than 100 employees to over 10,000.
When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user education is vital and can lead to faster discovery of attacks through increased reporting of phishing attempts, it's important to understand the limits of user education when trying to reduce phishing risks.
In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia).
In my previous blog post, I began to update sabotage statistics provided in 2010. In this second post, I explore how organizations can begin to protect themselves from IT sabotage by learning to identify and appropriately respond to its precursors. The CERT Insider Threat Incident Corpus contains 153 incidents of sabotage.
IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business.