search menu icon-carat-right cmu-wordmark

Archive: 2016

Defending Against Phishing

Defending Against Phishing

• Insider Threat Blog
Michael J. Albrethsen

When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user education is vital and can lead to faster discovery of attacks through increased reporting of phishing attempts, it's important to understand the limits of user education when trying to reduce phishing risks....

Read More
Sentiment Analysis in the Context of Insider Threat

Sentiment Analysis in the Context of Insider Threat

• Insider Threat Blog
Jason W. Clark

In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia)....

Read More
Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)

Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)

• Insider Threat Blog
Sarah Miller

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business....

Read More
Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)

Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)

• Insider Threat Blog
Sarah Miller

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk....

Read More
Building an Insider Threat Program: Some Low-Cost Tools (Part 2 of 2)

Building an Insider Threat Program: Some Low-Cost Tools (Part 2 of 2)

• Insider Threat Blog
George Silowash

This is the second part of a two-part series about considering low-cost tools for starting your insider threat program. In the first part of this series, I discussed the five categories of tools available to insider threat programs to use, as needed, as part of their operations. In this part, I provide examples of low-cost tools that are available in this space....

Read More
Building an Insider Threat Program: Five Important Categories of Tools (Part 1 of 2)

Building an Insider Threat Program: Five Important Categories of Tools (Part 1 of 2)

• Insider Threat Blog
George Silowash

This is the first part of a two-part series that explores open source, free, or low-cost solutions to help you get the technical portion of your insider threat program started. As defined by opensource.com, open source software is "software with source code that anyone can inspect, modify, and enhance." Free tools are available at no cost, but the source code is "closed," meaning that it cannot be examined or modified....

Read More
Malicious Insiders in the Workplace Series: How Does an Insider's Gender Relate to the Type of Incident? (Part 1 of 4)

Malicious Insiders in the Workplace Series: How Does an Insider's Gender Relate to the Type of Incident? (Part 1 of 4)

• Insider Threat Blog
Sarah Miller

Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data set. However, despite these malicious insiders using technical means to cause harm, there is still a human component that should be considered. Who, collectively, are these malicious insiders that caused harm? What do we know about them? This blog post is the first of a...

Read More
Responding to New Federal Requirements for Contractors

Responding to New Federal Requirements for Contractors

• Insider Threat Blog
Randy Trzeciak

On May 18, 2016, the DOD published Change 2 to DoD 5220.22-M, "National Industrial Security Operating Manual (NISPOM)," which requires contractors to establish and maintain an insider threat program to detect, deter, and mitigate insider threats. The intent of this blog post is to describe the summary of changes required by Change 2 and the impact it will have on contracting organizations....

Read More
The Frequency and Impact of Insider Collusion

The Frequency and Impact of Insider Collusion

• Insider Threat Blog
Sarah Miller

Collusion among malicious insiders can produce a larger attack surface in terms of access to organizational assets. In theory, multiple actors could perform reconnaissance from within the "need-to-know" aspect of their job responsibilities to commit fraud or theft of intellectual property. Consequently, these malicious actors could then evade detection, presenting a real threat to an organization. In this blog post, I explore the concept of collusion among malicious insiders....

Read More
Mitigating Insider Incidents with Threat Indicator Standardization

Mitigating Insider Incidents with Threat Indicator Standardization

• Insider Threat Blog
Carrie Gardner

Effective cross-department collaboration usually requires a common standard language for communication. Until recently, the insider threat community has suffered from a lack of standardization when expressing potential insider threat risk indicators. The CERT Division's research into insider threat detection, prevention, and mitigation methods steered the design process for a newly proposed ontology for communicating insider threat indicators. Such an ontology allows organizations to share threat detection intelligence. In this post, I briefly describe our recently...

Read More