search menu icon-carat-right cmu-wordmark

Archive: 2015

Handling Threats from Disgruntled Employees

Handling Threats from Disgruntled Employees

• Insider Threat Blog
CERT Insider Threat Center

Disgruntled employees can be a significant risk to any organization because they can have administrative privileges and access to systems that are necessary for the daily operation of the organization. These disgruntled employees can be identified and monitored, but without knowing what types of outcomes disgruntled insiders might accomplish, monitoring can become strenuous and overbearing. Hi, I'm Richard Bavis, Insider Threat Graduate Intern at the CERT Insider Threat Center. In this blog post, I will...

Read More
InTP Series: Conclusion and Resources (Part 18 of 18)

InTP Series: Conclusion and Resources (Part 18 of 18)

• Insider Threat Blog
CERT Insider Threat Center

The intent of this blog series was to describe a framework that you could use as you build an insider threat program (InTP) in your organization. We hope you found it a useful resource and recommend that you refer back to it as you progress through the Initiation, Planning, Operations, Reporting, and Maintenance phases of building your InTP. Hi, this is Randy Trzeciak, Technical Manager of the CERT Insider Threat Center in the CERT Division...

Read More
InTP Series: Implementation Planning (Part 17 of 18)

InTP Series: Implementation Planning (Part 17 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Implementation plans are an essential component of developing an Insider Threat Program (InTP). It is important to look at the development of an implementation plan from a strategic long-term perspective. Hello, this is Tracy Cassidy, Insider Threat Researcher at the CERT Insider Threat Center. In this next-to-the-last blog post in our insider threat blog series, I'll provide an outline for developing an implementation plan....

Read More
InTP Series: The Insider Threat Framework (Part 16 of 18)

InTP Series: The Insider Threat Framework (Part 16 of 18)

• Insider Threat Blog
CERT Insider Threat Center

The single most important aspect of developing a successful insider threat program (InTP) framework is a clear vision. Therefore, it is imperative that you define your vision in a concept of operations document or charter. Hi, this is Jason W. Clark, Ph.D, an insider threat researcher with the CERT Insider Threat Center. In this blog post, I will briefly describe and define an InTP framework document....

Read More
 InTP Series: Protection of Employee Civil Liberties and Privacy Rights (Part 15 of 18)

InTP Series: Protection of Employee Civil Liberties and Privacy Rights (Part 15 of 18)

• Insider Threat Blog
CERT Insider Threat Center

The news today is buzzing with discussions regarding civil liberties and privacy rights. Insider threat program (InTP) development deals directly with these issues, specifically the protection of employees. It is essential that management to familiarize itself with existing mandates, statutes, laws, and directives that are related to InTP implementation. Hi, my name is Tracy Cassidy. I am an Insider Threat Researcher at the CERT Insider Threat Center. In this, the 15th of 18 posts in...

Read More
 InTP Series: Policies, Procedures, and Practices (Part 14 of 18)

InTP Series: Policies, Procedures, and Practices (Part 14 of 18)

• Insider Threat Blog
CERT Insider Threat Center

An InTP requires two sets of policies, procedures, and practices: one set describing the operation and components of the program and the other set describing insider threat program (InTP) activities. Hi, I'm Cindy Nesta of the CERT Insider Threat Center. In this 14th installment of the InTP Blog Series, I will provide you with a clear explanation of the policies, procedures, and practices that an InTP requires....

Read More
 InTP Series: Communicating Insider Threat Events (Part 13 of 18)

InTP Series: Communicating Insider Threat Events (Part 13 of 18)

• Insider Threat Blog
CERT Insider Threat Center

When building your organization's Insider Threat Program (InTP), be sure to clearly identify defined processes for communicating insider threat events and incidents. It is important to ensure that all affected parties are made aware of the situation. As we all know, clear, concise, detailed, and documented communication is valuable. Hi, I'm Cindy Nesta of the CERT Insider Threat Team. In this 13th installment of the InTP Series, I will touch on several things, including the...

Read More
 InTP Series: Incident Response Planning (Part 12 of 18)

InTP Series: Incident Response Planning (Part 12 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Your incident response plan should cover the entire incident lifecycle, including processes for how incidents are detected, reported, contained, remediated, documented, and prosecuted (if applicable). Hello, this is Mark Zajicek at the CERT Insider Threat Center. In this week's blog post, I summarize some guidance and suggest considerations to help you to develop an insider incident response plan....

Read More
 InTP Series: Data Collection and Analysis (Part 11 of 18)

InTP Series: Data Collection and Analysis (Part 11 of 18)

• Insider Threat Blog
CERT Insider Threat Center

A core capability of any insider threat program (InTP) involves collecting data from multiple sources and analyzing that data to identify indicators of insider anomalous activity or an increase in the probability of future insider activity. This is Dan Costa, a cybersecurity solutions developer at the CERT Insider Threat Center. This week, in the eleventh installment of the InTP blog series, I'll present strategies for increasing the effectiveness of an InTP's data collection and analysis...

Read More
InTP Series: Trusted Business Partners (Part 10 of 18)

InTP Series: Trusted Business Partners (Part 10 of 18)

• Insider Threat Blog
CERT Insider Threat Center

In today's business environment, few organizations are able to operate without contractors, subcontractors, temporary employees, contract employees, or other trusted business partners. Understanding how they fit into your insider threat program (InTP) and how to manage your organization's relationships with trusted business partners is critical to protecting your organization's data, assets, and reputation. Hi, this is Ian McIntyre of the CERT Insider Threat Center. In this 10th installment of our blog series on establishing an...

Read More
InTP Series: Confidential Reporting (Part 9 of 18)

InTP Series: Confidential Reporting (Part 9 of 18)

• Insider Threat Blog
CERT Insider Threat Center

"If you see something, say something." That phrase has been a popular security slogan for some time, and it applies to insider threat as well as other security arenas. Organizations need to develop a robust reporting capability that their employees can use because they may observe concerning behaviors and dispositions that technical controls might miss. Hi, this is David McIntire of the CERT Insider Threat Center. In this installment of our blog series on establishing...

Read More
InTP Series: Training and Awareness (Part 8 of 18)

InTP Series: Training and Awareness (Part 8 of 18)

• Insider Threat Blog
CERT Insider Threat Center

The cornerstones of any insider threat program (InTP) are a formal training and awareness curriculum and a defined set of educational activities. A successful InTP requires multiple levels of training for different parts of the organization and different types of employees. Of course, any training program should fit within the mission and culture of the implementing organization and should leverage existing expertise and processes. Hi, this is Robin Ruefle, team lead of the Organizational Solutions...

Read More
InTP Series: Prevention, Detection, and Response (Part 7 of 18)

InTP Series: Prevention, Detection, and Response (Part 7 of 18)

• Insider Threat Blog
CERT Insider Threat Center

The underlying network infrastructure is a critical component of any insider threat program. In this seventh in a series of 18 posts, I will introduce a few concepts of how to use your enterprise infrastructure to prevent, detect, and respond to insider threat events. My name is Derrick Spooner, a member of the technical staff of the CERT Insider Threat Center in the Software Engineering Institute (SEI) at Carnegie Mellon University. Previous posts have introduced...

Read More
 InTP Series: Oversight of Program Compliance and Effectiveness (Part 5 of 18)

InTP Series: Oversight of Program Compliance and Effectiveness (Part 5 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Why should anyone care about program compliance and effectiveness? The CERT Division's answer to this question is simple: If you're going to have an Insider Threat Program (InTP), you want it to work well and within the limits of the law. We advocate that InTPs comply with all applicable laws, regulations, policies, and established procedures in a way that effectively deters, detects, and mitigates insider threats. Be sure to regularly work with your organization's general...

Read More
InTP Series: Participation of Business Areas (Part 4 of 18)

InTP Series: Participation of Business Areas (Part 4 of 18)

• Insider Threat Blog
CERT Insider Threat Center

An effective Insider Threat Program includes participation from the essential business areas of an organization. The National Insider Threat Task Force (NITTF) Minimum Standards identify the particular groups that should be represented in an insider threat program. Hi, this is Mike Albrethsen of the CERT Insider Threat Center with information about which groups should be included in the operation of an effective InTP and why. These are the groups that the NITTF recommends participate in...

Read More
 InTP Series: The Formalized Program (Part 3 of 18)

InTP Series: The Formalized Program (Part 3 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. This week in the third installment of our series, we'll take a look at the first component of an insider threat program: the formalized program itself. In last week's post, I summarized the elements of a successful insider threat program. Why a formalized program? A formalized insider threat program demonstrates the commitment of the organization to due care and due diligence...

Read More
InTP Series: Key Elements of an Insider Threat Program (Part 2 of 18)

InTP Series: Key Elements of an Insider Threat Program (Part 2 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Before establishing an insider threat program in your organization, you first must understand the required components of such a program. In this second of a series of 18 posts, I will introduce you to the elements of an effective insider threat program. Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. In the previous post, Randy Trzeciak discussed CERT insider threat work and reasons why an organization might want to...

Read More
InTP Series: Establishing an Insider Threat Program (Part 1 of 18)

InTP Series: Establishing an Insider Threat Program (Part 1 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Are you planning on establishing an insider threat program in your organization? If so, you'll find this series of 18 blog posts helpful. In this post, the first in the series, I explain why having an insider threat program is a good idea and summarize the topics my colleagues and I will be covering in this series. My name is Randy Trzeciak, the Technical Manager of the Insider Threat Center in the CERT Division of...

Read More