The Common Sense Guide to Mitigating Insider Threats Expanded

Hi, this is George Silowash of the CERT Insider Threat Center. I am happy to announce the release of the Common Sense Guide to Mitigating Insider Threats, 4th Edition. This edition introduces four new best practices for preventing and detecting insider threats and a number of new features.

The new best practices introduced in the 4th edition include

Practice 9: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.

Practice 17: Establish a baseline of normal network device behavior.

Practice 18: Be especially vigilant regarding social media.

Practice 19: Close the doors to unauthorized data exfiltration.

All of the original best practices include updated information and new ideas for detecting and preventing insider threats gleaned from experiences in the Federal government and private industry.

The guide also introduces new features that we hope will make it more user friendly for organizations of all sizes. These features include

Team Table: A table indicating the teams involved in a best practice is at the beginning of every practice making it easy to identify relevant material.

Challenges: Each practice lists challenges to implementing a best practice, thereby allowing organizations to quickly identify areas that may need to be addressed before implementing a practice.

Quick Wins and High-Impact Solutions: This section contains a list of quick wins for jump-starting your organization's insider threat program.

Many of the practices include references to other best practices in the industry, such as NIST Special Publication 800-53 (SP800-53 Revision 3), International Standards Organization (ISO) 27002, and CERT Resilience Management Model (RMM). Organizations that utilize these frameworks may find it easier to implement the best practices presented in this version of the Common Sense Guide.

We hope you will find the Common Sense Guide to Mitigating Insider Threats, 4th Edition to be immediately useful to you and your organization. We appreciate any feedback you may have. Please send all comments to insider-threat-feedback@cert.org.

Software Engineering Institute

SEI Blog

The Common Sense Guide to Mitigating Insider Threats Expanded

George Silowash and CERT Insider Threat Center

December 14, 2012

PUBLISHED IN

CITE

TAGS

SHARE

Written By

George Silowash

Author Page

Digital Library Publications

Send a Message

CERT Insider Threat Center

Author Page

Digital Library Publications

Send a Message

More By The Authors

High-Level Technique for Insider Threat Program's Data Source Selection

May 30, 2019 • By Robert M. Ditmore, CERT Insider Threat Center

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

April 9, 2019 • By Michael C. Theis, CERT Insider Threat Center

API Hashing Tool, Imagine That

March 25, 2019 • By Kyle O'Meara, CERT Insider Threat Center

Insider Threat Incident Analysis by Sector (Part 1 of 9)

October 11, 2018 • By Randall F. Trzeciak, CERT Insider Threat Center

Substance Use and Abuse: Potential Insider Threat Implications for Organizations

April 12, 2018 • By Tracy Cassidy, CERT Insider Threat Center

More In Insider Threat

10 Lessons in Security Operations and Incident Management

March 4, 2024 • By Robin Ruefle

CERT Releases 2 Tools to Assess Insider Risk

February 26, 2024 • By Roger Black

The 13 Key Elements of an Insider Threat Program

October 23, 2023 • By Daniel L. Costa, Randall F. Trzeciak

How to Mitigate Insider Threats by Learning from Past Incidents

October 31, 2022 • By Daniel L. Costa

Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs

May 31, 2021 • By Emily Kessel, Sarah Miller, Carrie Gardner