search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Common Sense Guide to Mitigating Insider Threats - Best Practice 2 (of 19)

Common Sense Guide to Mitigating Insider Threats - Best Practice 2 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, Technical Team Lead of Insider Threat Research for the CERT Program, with the second of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should...

Read More
Common Sense Guide to Mitigating Insider Threats - Best Practice 1 (of 19)

Common Sense Guide to Mitigating Insider Threats - Best Practice 1 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is George J. Silowash, Cybersecurity Threat and Incident Analyst for the CERT Program, with the first of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. In the coming weeks, my colleagues and I in the CERT Insider Threat Center will, in a series of blog posts, introduce this edition of the guide by presenting each recommended practice in...

Read More
Fourth Edition of the Common Sense Guide to Mitigating Insider Threats Is Released

Fourth Edition of the Common Sense Guide to Mitigating Insider Threats Is Released

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Lori Flynn, insider threat researcher for the CERT Program. We are proud to announce the release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats. We are grateful to the U.S. Department of Homeland Security, Federal Network Resilience (FNR) division within the Office of Cybersecurity and Communications, which sponsored updating and augmenting the previous edition released in 2009.The newest edition is based on our significantly expanded database of...

Read More

"Spotlight On: Insider Threat from Trusted Business Partners" Article Revised and Released

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Todd Lewellen of the CERT Insider Threat Center. We are excited to announce that a revised version of our Spotlight On: Insider Threat from Trusted Business Partners article has been released. It has been almost three years since the first version of this article was published. During that time, our collection of insider threat case data has grown significantly. Specifically, we have collected 30 additional cases involving trusted business partners (TBPs) alone,...

Read More
External Threat Analysis

External Threat Analysis

• Insider Threat Blog
CERT Insider Threat Center

Hi, this is Dan Klinedinst of the CERT Enterprise Threat and Vulnerability Management team. Recently we've been looking to extend the methodologies from our insider threat research to other sorts of threats. Personally, I'm interested in applying well-known analysis techniques to security data in an automated fashion. The goal is to identify classes of threats and watch how they evolve over time. This analysis will allow organizations to adjust their defenses and resources based on...

Read More