Introduction to the CERT Best Practices to Mitigate Insider Threats Blog Series
We at the CERT Insider Threat Center are proud to announce the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats (CSG). This edition of our best practice guide is based on our significantly expanded corpus of more than 1,000 insider threat incidents and our continued research and analysis. This edition covers new technologies and new threats.
The guide describes 20 practices that an organization such as yours should implement across its enterprise to mitigate (i.e., deter, detect, and respond to) insider threats. It also provides updates to case studies that describe impacts to organizations that failed to mitigate their insider threats.
Each practice identifies protective and detective measures, metrics for measuring the effectiveness of the practice, potential challenges to implementing the practice, quick wins and high-impact solutions, and mappings to existing security standards (e.g., NIST, National Insider Threat Task Force [NITTF], CERT-RMM, and ISO).
We added new content to suggest mitigation strategies that address insider fraud, IT sabotage, theft of intellectual property, national security espionage, and unintentional (non-malicious) insider threats.
This edition, like the previous edition, focuses on six groups within an organization--human resources, legal, physical security, data owners, information technology, and software engineering--and a mapping that indicates which of these groups should be involved in implementing each practice.
The appendices remain consistent with the previous version with updated content provided for Best Practices Mapped to Standards, Best Practices by Organizational Group, a Checklist for Quick Wins and High Impact Solutions, and a new appendix that describes insider threat privacy considerations.
In the coming weeks, we in the CERT Insider Threat Center will release a series of blog posts, each of which will describe 1 of the 20 practices in the CSG. We hope you will follow along.
For more information about the CERT Insider Threat Center, see www.cert.org/insider-threat/. If you have questions; want to share thoughts, ideas, and suggestions for insider threat mitigation; or if you would like to suggest a topic for our future research or future blog posts, please send email to us at firstname.lastname@example.org.