
Subject: Best Practices

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!


• Insider Threat Blog
Michael C. Theis

(Or..."How This One Weird Thing Can Take Your Program to the Next Level!") The CERT National Insider Threat Center (NITC) continues to transition its insider threat research to the public through its publications of the Common Sense Guide to Mitigating Insider Threats (CSG), blog posts, and other research papers. We recently released an updated version of the CSG: the Common Sense Guide to Mitigating Insider Threats, Sixth Edition. In this post, I'll highlight the new...

Are You Providing Cybersecurity Awareness, Training, or Education?

• Insider Threat Blog
Mike Petock

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate the problem. As a cybersecurity trainer with 17+ years of experience and a degree in education, I understand that developing a good presentation is a challenge in any domain. Fortunately for cybersecurity professionals, the National Institute of Standards and Technology (NIST) can help you choose...

Insider Threat Supply Chain Best Practices

• Insider Threat Blog
Jean Marie Handy

This blog post outlines best practices for establishing an appropriate level of control to mitigate the risks involved in working with outside entities that support your organization's mission. In today's business landscape, organizations often rely on suppliers such as technology vendors, suppliers of raw materials, shared public infrastructure, and other public services. These outside entities are all examples of the supply chain, which is a type of trusted business partner (TBP). However, these outside entities...

Moving Beyond Resilience to Prosilience

• Insider Threat Blog
Summer Fowler

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way to not just manage risks, but to achieve mission assurance. Resilience has been codified in our CERT-Resilience Management Model (CERT-RMM), which is a maturity framework of best practices across security, business continuity, and information technology operations focused on an organization's critical assets....


"Four Insider IT Sabotage Mitigation Patterns and an Initial Effectiveness Analysis" Paper Released

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Matt Collins of the CERT Insider Threat Center. We are pleased to announce the publication of our paper "Four Insider IT Sabotage Patterns and an Initial Effectiveness Analysis." The paper describes four mitigation patterns of insider IT sabotage and initial results from a review of 46 cases from the CERT Insider Threat Database (MERIT Database). Each pattern was developed to prevent or detect potentially malicious actions related to insider threat IT sabotage...

International Considerations for Cybersecurity Best Practices

• Insider Threat Blog
CERT Insider Threat Center

Hi! We are Lori Flynn and Carly Huth, CERT cybersecurity researchers. This post is about our recently published paper that describes how strategies for implementing international cybersecurity best practice should account for five factors: technology profile, laws and regulations, law enforcement, culture and subcultures, and corruption....

Common Sense Guide to Mitigating Insider Threats - Best Practice 19 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Derrick Spooner, Cyber Threat Solutions Engineer for the CERT Program, with the last of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 18 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, Technical Team Lead of Research in the CERT Insider Threat Center, with the eighteenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should...

Common Sense Guide to Mitigating Insider Threats - Best Practice 17 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Daniel Costa, Cyber Security Solutions Developer for the CERT Program, with the seventeenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 16 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is George J. Silowash, Cybersecurity Threat and Incident Analyst and Lori Flynn, Insider Threat Researcher for the CERT Program, with the sixteenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes...

Common Sense Guide to Mitigating Insider Threats - Best Practice 15 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, Technical Team Lead of Research in the CERT Insider Threat Center, with the fifteenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should...

Common Sense Guide to Mitigating Insider Threats - Best Practice 14 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Eleni Tsamitis, Insider Threat Administrator for the CERT Program, with the fourteenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise...

Common Sense Guide to Mitigating Insider Threats - Best Practice 13 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Ying Han, Graduate Research Assistant of the CERT Enterprise Threat and Vulnerability Management team, with the thirteenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations...

Common Sense Guide to Mitigating Insider Threats - Best Practice 12 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Sam Perl, Cybersecurity Analyst for the CERT Program, with the twelfth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to...

Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across...

Common Sense Guide to Mitigating Insider Threats - Best Practice 10 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Marcus Smith, a graduate assistant for the CERT Program, with the tenth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise...

Common Sense Guide to Mitigating Insider Threats - Best Practice 9 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Mike Albrethsen, Information Systems Security Analyst for the CERT Program, with the ninth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 8 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Jeremy Strozer, Senior Cyber Security Specialist for the CERT Program, with the eighth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 7 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hi, this is Chris King, Member of the Technical Staff for the CERT Program, with the seventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across...

Common Sense Guide to Mitigating Insider Threats - Best Practice 6 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Jason Clark, Insider Threat Researcher for the CERT Program, with the sixth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise...

Common Sense Guide to Mitigating Insider Threats - Best Practice 5 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Derrick Spooner, Cyber Threat Solutions Engineer for the CERT Program, with the fifth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 4 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Carly Huth, Insider Threat Researcher for the CERT Program, with the fourth of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise...

Common Sense Guide to Mitigating Insider Threats - Best Practice 3 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Daniel Costa, Cyber Security Solutions Developer for the CERT Program, with the third of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the...

Common Sense Guide to Mitigating Insider Threats - Best Practice 2 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, Technical Team Lead of Insider Threat Research for the CERT Program, with the second of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should...

Common Sense Guide to Mitigating Insider Threats - Best Practice 1 (of 19)

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is George J. Silowash, Cybersecurity Threat and Incident Analyst for the CERT Program, with the first of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. In the coming weeks, my colleagues and I in the CERT Insider Threat Center will, in a series of blog posts, introduce this edition of the guide by presenting each recommended practice in...

Fourth Edition of the Common Sense Guide to Mitigating Insider Threats Is Released

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Lori Flynn, insider threat researcher for the CERT Program. We are proud to announce the release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats. We are grateful to the U.S. Department of Homeland Security, Federal Network Resilience (FNR) division within the Office of Cybersecurity and Communications, which sponsored updating and augmenting the previous edition released in 2009. The newest edition is based on our significantly expanded database of...

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

• Insider Threat Blog
CERT Insider Threat Center

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) by Addison-Wesley Professional has recently been published. The book is available for purchase at Addison-Wesley's InformIT website at http://www.informit.com/store/product.aspx?isbn=9780321812575....

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage

• Insider Threat Blog
CERT Insider Threat Center

The Insider Threat Center at CERT recently released a new insider threat control that is specifically designed to detect the presence of a malicious insider based on key indicators to Information Technology (IT) sabotage activity. This blog post provides an overview of the control and the rationale behind its development. For more details describing the development of the control and the statistical analysis used and applied in this signature please refer to the technical report:...

Preparing for Negative Workplace Events - Managing Employee Expectations

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Randy Trzeciak, technical team lead for the Insider Threat Research Team at the CERT Insider Threat Center. This blog post is intended to serve as a reminder to organizations about the impact that an organization's actions can have on employees. Additionally, I want you to ask yourself the following question, what are you doing to manage employee expectations during negative workplace events?...

Insider Threat Best Practices from Industry

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is George Silowash from the Insider Threat Center at CERT. I had the opportunity to attend RSA Conference 2011 with two of my colleagues, Dawn Cappelli and Joji Montelibano. Insider threat was a popular topic at the conference this year--vendors discussed it in sales pitches, and security practitioner presentations focused on the problem. In addition to being speakers at the conference, staff members from the Insider Threat Center were there to gather ideas...
