Archive: 2015-03

An effective Insider Threat Program includes participation from the essential business areas of an organization. The National Insider Threat Task Force (NITTF) Minimum Standards identify the particular groups that should be represented in an insider threat program.

Hi, this is Mike Albrethsen of the CERT Insider Threat Center with information about which groups should be included in the operation of an effective InTP and why.

These are the groups that the NITTF recommends participate in InTPs:

Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. This week in the third installment of our series, we'll take a look at the first component of an insider threat program: the formalized program itself. In last week's post, I summarized the elements of a successful insider threat program.

Why a formalized program?

A formalized insider threat program demonstrates the commitment of the organization to due care and due diligence in the protection of its critical assets. A formal program is essential to providing consistent and repeatable prevention, detection, and responses to insider incidents in an organization. These mature and well defined processes, designed with input from legal counsel and stakeholders across the organization, ensure that employee privacy and civil liberties are protected.

Before establishing an insider threat program in your organization, you first must understand the required components of such a program. In this second of a series of 18 posts, I will introduce you to the elements of an effective insider threat program.

Hi, I'm Matt Collins, an Insider Threat Researcher at the CERT Insider Threat Center. In the previous post, Randy Trzeciak discussed CERT insider threat work and reasons why an organization might want to establish an insider threat program. Today I'll describe the components required for an effective insider threat program. Developing and implementing these program components helps organizations protect and provide appropriate access to their intellectual property, critical assets, systems, and data.

Are you planning on establishing an insider threat program in your organization? If so, you'll find this series of 18 blog posts helpful. In this post, the first in the series, I explain why having an insider threat program is a good idea and summarize the topics my colleagues and I will be covering in this series.

My name is Randy Trzeciak, the Technical Manager of the Insider Threat Center in the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University. For the past 14 years, our team has been researching insider threats in an attempt to understand how insider incidents evolve over time as well as how organizations can prepare themselves to mitigate this complex threat. To date, we have collected and analyzed over 1000 actual insider incidents and have published over 100 reports that describe the threat and best practices for addressing it (