search menu icon-carat-right cmu-wordmark

Common Sense Guide to Mitigating Insider Threats, Fifth Edition

Technical Report
Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2016-TR-015
DOI (Digital Object Identifier)
10.1184/R1/12890918.v1
Topic or Tag

Abstract

This fifth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT® Division (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded corpus of more than 1,000 insider threat cases and continued research and analysis. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends. The guide then describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes features new to this edition: challenges to implementation, quick wins and high-impact solutions for small and large organizations, and relevant security standards. This edition also focuses on six groups within an organization—Human Resources, Legal, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide’s practices to established security standards, a new breakdown of the practices by organizational group, a new look at considerations for employee privacy, and new  checklists of activities for each practice.

Cite This Technical Report

Collins, M., Theis, M., Trzeciak, R., Strozer, J., Clark, J., Costa, D., Cassidy, T., Albrethsen, M., & Moore, A. (2016, December 21). Common Sense Guide to Mitigating Insider Threats, Fifth Edition. (Technical Report CMU/SEI-2016-TR-015). Retrieved July 12, 2024, from https://doi.org/10.1184/R1/12890918.v1.

@techreport{collins_2016,
author={Collins, Matthew and Theis, Michael and Trzeciak, Randall and Strozer, Jeremy and Clark, Jason and Costa, Daniel and Cassidy, Tracy and Albrethsen, Michael and Moore, Andrew},
title={Common Sense Guide to Mitigating Insider Threats, Fifth Edition},
month={Dec},
year={2016},
number={CMU/SEI-2016-TR-015},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12890918.v1},
note={Accessed: 2024-Jul-12}
}

Collins, Matthew, Michael Theis, Randall Trzeciak, Jeremy Strozer, Jason Clark, Daniel Costa, Tracy Cassidy, Michael Albrethsen, and Andrew Moore. "Common Sense Guide to Mitigating Insider Threats, Fifth Edition." (CMU/SEI-2016-TR-015). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 21, 2016. https://doi.org/10.1184/R1/12890918.v1.

M. Collins, M. Theis, R. Trzeciak, J. Strozer, J. Clark, D. Costa, T. Cassidy, M. Albrethsen, and A. Moore, "Common Sense Guide to Mitigating Insider Threats, Fifth Edition," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2016-TR-015, 21-Dec-2016 [Online]. Available: https://doi.org/10.1184/R1/12890918.v1. [Accessed: 12-Jul-2024].

Collins, Matthew, Michael Theis, Randall Trzeciak, Jeremy Strozer, Jason Clark, Daniel Costa, Tracy Cassidy, Michael Albrethsen, and Andrew Moore. "Common Sense Guide to Mitigating Insider Threats, Fifth Edition." (Technical Report CMU/SEI-2016-TR-015). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 21 Dec. 2016. https://doi.org/10.1184/R1/12890918.v1. Accessed 12 Jul. 2024.

Collins, Matthew; Theis, Michael; Trzeciak, Randall; Strozer, Jeremy; Clark, Jason; Costa, Daniel; Cassidy, Tracy; Albrethsen, Michael; & Moore, Andrew. Common Sense Guide to Mitigating Insider Threats, Fifth Edition. CMU/SEI-2016-TR-015. Software Engineering Institute. 2016. https://doi.org/10.1184/R1/12890918.v1