Archive: 2017-01

The 17th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 17: Institutionalize System Change Controls. Organizations must change their systems and applications in a consistent, formalized manner. Controls must be put into place to ensure that assets, digital or otherwise, are protected from manipulations by an insider. In this post, I discuss case studies involving change control and describe how to build a roadmap for implementing a change management system. Lastly, I discuss tools that can help you develop change management policies and procedures, and some quick gains and challenges to implementing change controls.

The 16th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 16: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities. In this post, I discuss the importance of including provisions for data access control and monitoring in agreements with cloud service providers.

The 14th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 14: Establish a baseline of normal behavior for both networks and employees. In this post, I discuss the importance of considering data volume, velocity, variety, and veracity when establishing a baseline of network or employee behavior.

The 13th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 13: Monitor and control remote access from all end points, including mobile devices. In this post, I discuss the importance of having policies and procedures in place that dictate how remote access from end points is monitored and controlled.

The twelfth practice described in the newly released Common Sense Guide to Mitigating Insider Threats is Practice 12: Deploy solutions for monitoring employee actions and correlating information from multiple data sources. In this post, I discuss this newer practice that involves collecting, managing, and analyzing data from multiple sources that offers insights into insider activity that can lead to cybersecurity incidents.

The ninth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 9: Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees. In this post, I discuss the importance of educating employees, managers, and trusted business partners about the role they play in preventing, detecting, and mitigating insider threats, and practices they should follow for protecting organizational critical assets.

The eighth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 8: Structure management and tasks to minimize insider stress and mistakes. In this post, I discuss the importance of understanding the psychology of your organization's workforce and how it can help its employees balance work pressures while maintaining an atmosphere that supports productivity and minimizes stress and mistakes.

The seventh practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 7: Be especially vigilant regarding social media. In this post, I discuss the importance of having clear social media policies and conducting social engineering training to help mitigate issues with unintentional insider threat.

The sixth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 6: Consider threats from insiders and business partners in enterprise-wide risk assessments. In this post, I discuss the importance of developing a comprehensive, risk-based security strategy to prevent, detect, and respond to insider threats, including those caused by business partners that are given authorized access.

The fifth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 5: Anticipate and manage negative issues in the work environment. In this post, I discuss the importance of understanding organizational issues that may cause employee disgruntlement, being proactive, and identifying and responding to concerning behaviors in the workplace.

The fourth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior. In this post, I discuss the importance of early identification of suspicious and disruptive behavior in the workplace to mitigate potential insider threats.

The third practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 3: Clearly document and consistently enforce policies and controls. In this post, I discuss the importance of having consistent and articulated policies and controls in place within your organization.

We at the CERT Insider Threat Center are proud to announce the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats (CSG). This edition of our best practice guide is based on our significantly expanded corpus of more than 1,000 insider threat incidents and our continued research and analysis. This edition covers new technologies and new threats.

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets.

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from fewer than 100 employees to over 10,000.