Archive: May 2019

High-Level Technique for Insider Threat Program's Data Source Selection

• Insider Threat Blog
Robert M. Ditmore

This blog discusses an approach that the CERT Division's National Insider Threat Center developed to help insider threat programs develop, validate, implement, and share potential insider threat risk indicators (PRIs). The motivation behind our approach is to provide a broad, tool-agnostic framework to promote sharing indicator details. You might share these details among your insider threat team personnel and other key stakeholders, such as Human Resources, Legal, and Information Technology, before the direct dive into...

Windows Event Logging for Insider Threat Detection

• Insider Threat Blog
Derrick Spooner

In this post, I continue my discussion on potential low-cost solutions to mitigate insider threats for smaller organizations or new insider threat programs. I describe a few simple insider threat use cases that may have been detected using Windows Event logging, and I suggest a low-effort solution for collecting and aggregating logs from Windows hosts....
