Archive: 2017

Governing the Internet of Things (IoT)

• Insider Threat Blog
Katie C. Stewart

The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the challenges of dealing with the IoT and some approaches that organizations can use to reduce their risk as they adopt more IoT technologies....

Mapping the Cyber Resilience Review to the Financial Sector's Cybersecurity Assessment Tool

• Insider Threat Blog
Jeffrey Pinckard

This post is also authored by Michael Rattigan and Robert A. Vrtis. In 2013 the White House directed the nation's critical infrastructure sectors to improve their cybersecurity. The financial sector responded by publishing the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (CAT)--an extensive, thorough method for determining an institution's cyber posture and reporting compliance to regulators, keyed to the National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF). A lightweight, voluntary, no-cost...

Announcing Insider Threat Analyst Training from the CERT National Insider Threat Center

• Insider Threat Blog
Daniel Costa

The CERT National Insider Threat Center (NITC) has recently developed an Insider Threat Analyst Training course. This three-day, instructor-led, classroom-based course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Students learn various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. The course includes instructor lectures and group discussions, as well as hands-on exercises with...

Announcing the National Insider Threat Center

• Insider Threat Blog
Randy Trzeciak

The CERT® Division of the Software Engineering Institute (SEI) at Carnegie Mellon University is proud to announce the creation of the CERT National Insider Threat Center (NITC). The establishment of this center builds on our 16 years of work in the insider threat domain. The NITC allows the SEI to enhance its insider threat work across the Department of Defense, U.S. government, industry, and academia. The Center's expanded capabilities give security practitioners access to insider...

Cyber Hygiene: 11 Essential Practices

• Insider Threat Blog
Matthew Trevors

This post is also authored by Charles M. Wallen. Tightening an organization's cybersecurity can be very complex, and just purchasing a piece of new hardware or software isn't enough. Instead, you might begin by looking at the most common baseline cyber practices that other organizations use in their cybersecurity programs--their cyber hygiene. This post will introduce fundamental cyber hygiene practices for organizations and help you understand the cyber-risk problem space....

The 3 Pillars of Enterprise Cyber Risk Management

• Insider Threat Blog
Brett Tucker

Equifax. Target. The Office of Personnel Management. Each new cyber hack victim has a story that makes the need for cyber risk management more urgent. Any organization hoping to maintain operational resilience during disruption should implement risk management. Unfortunately, that comes with many unknowns: Which risk management framework to use? Is risk management expensive? What's the return on investment? This post will help you guide your organization out of this decision paralysis by introducing the...

Blog Expands to Cover More

• Insider Threat Blog
Summer Fowler

You've known this blog as the Insider Threat blog, and this will continue to be your go-to source as we share our findings and explore the impact insider threat has on information technology and human resources practices and policies. Our new, expanded content will cover topics across a more broad spectrum that will continue to include insider threat topics as well as others related to how organizations ensure their resilience against disruptive events like cyberattacks....

Wrap Up of CERT Best Practices to Mitigate Insider Threats Series

• Insider Threat Blog
Randy Trzeciak

We hope you enjoyed our 20-part blog series describing the best practices included in the Common Sense Guide to Mitigating Insider Threats published by the CERT Insider Threat Center. Our goal for the series was to highlight each best practice and provide a few quick wins for you to consider as you attempt to identify and mitigate insider threats in your organization....

Employee Termination Procedure (Part 20 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Jason W. Clark

The 20th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 20: Develop a comprehensive employee termination procedure. In this post, I discuss the importance of establishing a termination procedure that is consistently communicated and applied across the enterprise....

Institutionalizing System Change Controls (Part 17 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Michael C. Hansell

The 17th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 17: Institutionalize System Change Controls. Organizations must change their systems and applications in a consistent, formalized manner. Controls must be put into place to ensure that assets, digital or otherwise, are protected from manipulations by an insider. In this post, I discuss case studies involving change control and describe how to build a roadmap...

Cloud Service Agreements (Part 16 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Jean Marie Handy

The 16th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 16: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities. In this post, I discuss the importance of including provisions for data access control and monitoring in agreements with cloud service providers....

Establishing Baseline Behaviors (Part 14 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Carrie Gardner

The 14th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 14: Establish a baseline of normal behavior for both networks and employees. In this post, I discuss the importance of considering data volume, velocity, variety, and veracity when establishing a baseline of network or employee behavior....

Mobile Devices and Other Remote Access (Part 13 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Michael C. Hansell

The 13th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 13: Monitor and control remote access from all end points, including mobile devices. In this post, I discuss the importance of having policies and procedures in place that dictate how remote access from end points is monitored and controlled....

Data Management and Event Correlation (Part 12 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Michael J. Albrethsen

The twelfth practice described in the newly released Common Sense Guide to Mitigating Insider Threats is Practice 12: Deploy solutions for monitoring employee actions and correlating information from multiple data sources. In this post, I discuss this newer practice that involves collecting, managing, and analyzing data from multiple sources that offers insights into insider activity that can lead to cybersecurity incidents....

Privileged Account Management (Part 11 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Derrick Spooner

The eleventh practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 11: Institute stringent access controls and monitoring policies on privileged users. In this post, I discuss the importance of privileged account management and its effect on the security of the organization....

Security Awareness and Training (Part 9 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Robin M. Ruefle

The ninth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 9: Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees. In this post, I discuss the importance of educating employees, managers, and trusted business partners about the role they play in preventing, detecting, and mitigating insider threats, and practices they should follow for protecting organizational critical assets....

Stress Management and Mistake Minimization (Part 8 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Samuel J. Perl

The eighth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 8: Structure management and tasks to minimize insider stress and mistakes. In this post, I discuss the importance of understanding the psychology of your organization's workforce and how it can help its employees balance work pressures while maintaining an atmosphere that supports productivity and minimizes stress and mistakes....

Social Media Awareness (Part 7 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Ryan C. Lewis

The seventh practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 7: Be especially vigilant regarding social media. In this post, I discuss the importance of having clear social media policies and conducting social engineering training to help mitigate issues with unintentional insider threat....

Enterprise-Wide Risk Assessments (Part 6 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Andrew Moore

The sixth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 6: Consider threats from insiders and business partners in enterprise-wide risk assessments. In this post, I discuss the importance of developing a comprehensive, risk-based security strategy to prevent, detect, and respond to insider threats, including those caused by business partners that are given authorized access....

Negative Issues in the Work Environment (Part 5 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Tracy Cassidy

The fifth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 5: Anticipate and manage negative issues in the work environment. In this post, I discuss the importance of understanding organizational issues that may cause employee disgruntlement, being proactive, and identifying and responding to concerning behaviors in the workplace....

Suspicious and Disruptive Behavior Monitoring and Response (Part 4 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Tracy Cassidy

The fourth practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior. In this post, I discuss the importance of early identification of suspicious and disruptive behavior in the workplace to mitigate potential insider threats....

Policy and Control Documentation and Enforcement (Part 3 of 20: CERT Best Practices to Mitigate Insider Threats Series)

• Insider Threat Blog
Mark T. Zajicek

The third practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 3: Clearly document and consistently enforce policies and controls. In this post, I discuss the importance of having consistent and articulated policies and controls in place within your organization....

Introduction to the CERT Best Practices to Mitigate Insider Threats Blog Series

• Insider Threat Blog
Randy Trzeciak

We at the CERT Insider Threat Center are proud to announce the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats (CSG). This edition of our best practice guide is based on our significantly expanded corpus of more than 1,000 insider threat incidents and our continued research and analysis. This edition covers new technologies and new threats....

Moving Beyond Resilience to Prosilience

• Insider Threat Blog
Summer Fowler

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets....

2016 U.S. State of Cybercrime Highlights

• Insider Threat Blog
Sarah Miller

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from less than 100 employees to over 10,000....
