The Common Sense Guide to Mitigating Insider Threats Expanded
Hi, this is George Silowash of the CERT Insider Threat Center. I am happy to announce the release of the Common Sense Guide to Mitigating Insider Threats, 4th Edition. This edition introduces four new best practices for preventing and detecting insider threats and a number of new features.
The new best practices introduced in the 4th edition include
Practice 9: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
Practice 17: Establish a baseline of normal network device behavior.
Practice 18: Be especially vigilant regarding social media.
Practice 19: Close the doors to unauthorized data exfiltration.
All of the original best practices include updated information and new ideas for detecting and preventing insider threats gleaned from experiences in the Federal government and private industry.
The guide also introduces new features that we hope will make it more user friendly for organizations of all sizes. These features include
Team Table: A table indicating the teams involved in a best practice is at the beginning of every practice making it easy to identify relevant material.
Challenges: Each practice lists challenges to implementing a best practice, thereby allowing organizations to quickly identify areas that may need to be addressed before implementing a practice.
Quick Wins and High-Impact Solutions: This section contains a list of quick wins for jump-starting your organization's insider threat program.
Many of the practices include references to other best practices in the industry, such as NIST Special Publication 800-53 (SP800-53 Revision 3), International Standards Organization (ISO) 27002, and CERT Resilience Management Model (RMM). Organizations that utilize these frameworks may find it easier to implement the best practices presented in this version of the Common Sense Guide.
We hope you will find the Common Sense Guide to Mitigating Insider Threats, 4th Edition to be immediately useful to you and your organization. We appreciate any feedback you may have. Please send all comments to firstname.lastname@example.org.