Insider Threat Archive: 2019-02

The CERT Division of the SEI has a history of helping organizations develop, improve, and assess their incident management functions. Frequently we discover that an organization's primary focus is on security incident response, rather than the broader effort of security incident management. Incident response is just one step in the incident management lifecycle. In this blog post, we look at five recurring issues we regularly encounter in organizations' Incident Management programs, along with recommended solutions. By discovering and resolving these issues, organizations can attain a better cybersecurity posture.

This blog post was co-authored by Carrie Gardner.

As Carrie Gardner wrote in the second blog post in this series, which introduced the Industry Sector Taxonomy, information technology (IT) organizations fall in the NAICS Code category professional, scientific, and technology. IT organizations develop products and perform services advancing the state of the art in technology applications. In many cases, these services directly impact the supply chain since many organizations rely on products and services from other organizations to perform and carry out their own business goals. This post covers insider incidents in the IT sector and focuses mainly on malicious, non-espionage incidents.