Insider threat programs can better implement controls and detect malicious insiders when they communicate indicators of insider threat consistently and in a commonly accepted language. The Insider Threat Indicator Ontology is intended to serve as a standardized expression of potential indicators of malicious insider activity.
Editor's note: This blog post first appeared on the FAIR Institute Blog.
Organizations with a mix of cutting-edge technologies and legacy systems need adaptable, agile frameworks that provide executives with a real-time view of cyber risks. They also need tools and processes to ensure that everyone from executives to practitioners practice sound, consistent risk management.
Mitigating insider threats is a multifaceted challenge that involves the collection and analysis of data to identify threat posed by many different employee types (such as full-time, part-time, or contractors) with authorized access to assets such as people, information, technology, and facilities. The landscape of software and tools designed to aid in this process is almost as wide and varied as the problem itself, which leaves organizations with the challenge of understanding not only the complexities of insider threats, but also the wide array of tools and techniques that can assist with threat mitigation. This post explores some of the recommended tool features and functionality available through use of a combination of tools, as well as a proposed process to implement and operate controls at an organization.
In our cyber resilience assessments at the CERT Division of the SEI, we often find that organizations struggle with several fundamentals of cybersecurity management. Specifically, organizations have trouble identifying what critical assets need to be protected and then implementing specific cyber architecture controls, such as network segmentation and boundary protection, to protect them. This post will be the first in a series focusing on common weaknesses in organizational cybersecurity architecture. This initial post focuses on the importance of identifying an organization's critical assets and data so it can design a cybersecurity architecture that incorporates controls to protect those systems.