search menu icon-carat-right cmu-wordmark

Subject: Best Practices in Network Security

Anti-Phishing Training: Is It Working? Is It Worth It?

Anti-Phishing Training: Is It Working? Is It Worth It?

• Insider Threat Blog
Mike Petock

Phishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders and hope it doesn't happen to them. Others try to prevent the problem by paying for anti-phishing training. Speaking from a cybersecurity trainer's perspective, good training should change user behavior and reduce the primary problem: in this case, an incident or breach initiated by a successful phishing attack. Even for effective training, the cost should...

Read More
Mapping Cyber Hygiene to the NIST Cybersecurity Framework

Mapping Cyber Hygiene to the NIST Cybersecurity Framework

• Insider Threat Blog
Matthew Trevors

In honor of Cybersecurity Awareness Month, I decided to put fingers to keys and share some basic practices that every organization should consider for their cyber hygiene initiatives. This blog post will describe a process to determine if 41 foundational practices from the CERT Resilience Management Model (CERT-RMM) are part of your NIST Cybersecurity Framework v1.1 target profile....

Read More
Managing the Risks of Ransomware

Managing the Risks of Ransomware

• Insider Threat Blog
David Tobar

This blog post was co-authored by Jason Fricke. Ransomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations, and links to additional best practices, on better managing ransomware risks....

Read More
7 Guidelines for Being a TRUSTED Penetration Tester

7 Guidelines for Being a TRUSTED Penetration Tester

• Insider Threat Blog
Karen Miller

The best way to learn is by doing. But when it comes to penetration testing, learners risk legal implications and bad habits if they don't follow ethical, safe procedures. Those wishing to develop penetration testing skills are often unaware of the number of resources available for legally and safely testing penetration tools and techniques. In this blog post, I'll describe seven general practices, outlined in the acrostic "TRUSTED," that pen testing learners and professionals should...

Read More
Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

Cybersecurity Architecture, Part 2: System Boundary and Boundary Protection

• Insider Threat Blog
Jason Fricke

This post was also authored by Andrew Hoover. In Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service, we talked about the importance of identifying and prioritizing critical or high-value services and the assets and data that support them. In this post, we'll introduce our approach for reviewing the security of the architecture of information systems that deliver or support these services. We'll also describe our review's first areas of focus: System Boundary and Boundary...

Read More
4 Technical Methods for Improving Phishing Defense

4 Technical Methods for Improving Phishing Defense

• Insider Threat Blog
Brian Chamberlain

According to the Verizon 2018 Data Breach Investigations Report, email was an attack vector in 96% of incidents and breaches that involved social actions (manipulation of people as a method of compromise). The report also says an average of 4% of people will fall for any given phish, and the more phishing emails they have clicked, the more likely they are to click again. The mantra of "more user training" may be helping with the...

Read More
Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service

Cybersecurity Architecture, Part 1: Cyber Resilience and Critical Service

• Insider Threat Blog
Andrew Hoover

In our cyber resilience assessments at the CERT Division of the SEI, we often find that organizations struggle with several fundamentals of cybersecurity management. Specifically, organizations have trouble identifying what critical assets need to be protected and then implementing specific cyber architecture controls, such as network segmentation and boundary protection, to protect them. This post will be the first in a series focusing on common weaknesses in organizational cybersecurity architecture. This initial post focuses on...

Read More
Insider Threat Supply Chain Best Practices

Insider Threat Supply Chain Best Practices

• Insider Threat Blog
Jean Marie Handy

This blog post outlines best practices for establishing an appropriate level of control to mitigate the risks involved in working with outside entities that support your organization's mission. In today's business landscape, organizations often rely on suppliers such as technology vendors, suppliers of raw materials, shared public infrastructure, and other public services. These outside entities are all examples of the supply chain, which is a type of trusted business partner (TBP). However, these outside entities...

Read More