search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

The CERT Division's National Insider Threat Center (NITC) Symposium

The CERT Division's National Insider Threat Center (NITC) Symposium

• Insider Threat Blog
Randy Trzeciak

Addressing the Challenges of Maturing an Insider Threat (Risk) Program On May 10, 2019, the Software Engineering Institute's National Insider Threat Center (NITC) will host the 6th Annual Insider Threat Symposium, with this year's theme, "Maturing Your Insider Threat (Risk) Program." The purpose of the symposium is to bring together practitioners on the front lines of insider threat mitigation to discuss the challenges and successes of maturing their insider threat (risk) programs. You will have...

Read More
A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

• Insider Threat Blog
Michael C. Theis

(Or..."How This One Weird Thing Can Take Your Program to the Next Level!") The CERT National Insider Threat Center (NITC) continues to transition its insider threat research to the public through its publications of the Common Sense Guide to Mitigating Insider Threats (CSG), blog posts, and other research papers. We recently released an updated version of the CSG: the Common Sense Guide to Mitigating Insider Threats, Sixth Edition. In this post, I'll highlight the new...

Read More
Are You Providing Cybersecurity Awareness, Training, or Education?

Are You Providing Cybersecurity Awareness, Training, or Education?

• Insider Threat Blog
Mike Petock

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate the problem. As a cybersecurity trainer with 17+ years of experience and a degree in education, I understand that developing a good presentation is a challenge in any domain. Fortunately for cybersecurity professionals, the National Institute of Standards and Technology (NIST) can help you choose...

Read More
Insider Threats in Entertainment (Part 8 of 9: Insider Threats Across Industry Sectors)

Insider Threats in Entertainment (Part 8 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Mark Dandrea

This post was co-authored by Carrie Gardner. The Entertainment Industry is the next spotlight blog in the Industry Sector series. Movie and television producers have long entertained the public with insider threat dramas such as Jurassic Park, Office Space, or the more recent Mr. Robot. These dramas showcase the magnitude of damage that can occur from incidents involving our assumed good, trusted employees. Yet as we discuss in this post, movie producers and the entertainment...

Read More
Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors)

Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Josh Vasko

This post was co-authored by Carrie Gardner. Next in the Insider Threats Across Industry Sectors series is Healthcare. As Healthcare-related information security conversations are predominantly driven by security and privacy concerns related to patient care and data, it's important to recognize the magnitude of security lapses in this sector. Patients can face severe, permanent consequences from medical record misuse, alteration, or destruction. And medical record fraud vis-a-vis identify theft, otherwise known simply as Fraud in...

Read More
Top 5 Incident Management Issues

Top 5 Incident Management Issues

• Insider Threat Blog
Mike Fritz

The CERT Division of the SEI has a history of helping organizations develop, improve, and assess their incident management functions. Frequently we discover that an organization's primary focus is on security incident response, rather than the broader effort of security incident management. Incident response is just one step in the incident management lifecycle. In this blog post, we look at five recurring issues we regularly encounter in organizations' Incident Management programs, along with recommended solutions....

Read More
Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

• Insider Threat Blog
Michaela Webster

This blog post was co-authored by Carrie Gardner. As Carrie Gardner wrote in the second blog post in this series, which introduced the Industry Sector Taxonomy, information technology (IT) organizations fall in the NAICS Code category professional, scientific, and technology. IT organizations develop products and perform services advancing the state of the art in technology applications. In many cases, these services directly impact the supply chain since many organizations rely on products and services from...

Read More