search menu icon-carat-right cmu-wordmark

Common Sense Guide to Mitigating Insider Threats, Fourth Edition

Technical Report
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2012-TR-012
DOI (Digital Object Identifier)
10.1184/R1/6572639.v1

Abstract

This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT® Program (part of Carnegie Mellon University's Software Engineering Institute), based on an expanded database of more than 700 insider threat cases and continued research and analysis. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends. The guide then describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes features new to this edition: challenges to implementation, quick wins and high-impact solutions for small and large organizations, and relevant security standards. This edition also focuses on six groups within an organization-human resources, legal, physical security, data owners, information technology, and software engineering-and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide's practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.

For the previous version of this work, see the Common Sense Guide to Prevention and Detection of Insider Threats, 3rd Edition, version 3.1.

The book The CERT Guide to Insider Threats is also available from the Addison-Wesley SEI Series in Software Engineering.

The <a href="/library/asset-view.cfm?assetID=484738" id="/library/asset-view.cfm?assetID=484738|">Common Sense Guide to Mitigating Insider Threats, Fifth Edition</a> is now available.

Cite This Technical Report

Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T., & Flynn, L. (2012, December 1). Common Sense Guide to Mitigating Insider Threats, Fourth Edition. (Technical Report CMU/SEI-2012-TR-012). Retrieved May 21, 2024, from https://doi.org/10.1184/R1/6572639.v1.

@techreport{silowash_2012,
author={Silowash, George and Cappelli, Dawn and Moore, Andrew and Trzeciak, Randall and Shimeall, Timothy and Flynn, Lori},
title={Common Sense Guide to Mitigating Insider Threats, Fourth Edition},
month={Dec},
year={2012},
number={CMU/SEI-2012-TR-012},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6572639.v1},
note={Accessed: 2024-May-21}
}

Silowash, George, Dawn Cappelli, Andrew Moore, Randall Trzeciak, Timothy Shimeall, and Lori Flynn. "Common Sense Guide to Mitigating Insider Threats, Fourth Edition." (CMU/SEI-2012-TR-012). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 1, 2012. https://doi.org/10.1184/R1/6572639.v1.

G. Silowash, D. Cappelli, A. Moore, R. Trzeciak, T. Shimeall, and L. Flynn, "Common Sense Guide to Mitigating Insider Threats, Fourth Edition," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2012-TR-012, 1-Dec-2012 [Online]. Available: https://doi.org/10.1184/R1/6572639.v1. [Accessed: 21-May-2024].

Silowash, George, Dawn Cappelli, Andrew Moore, Randall Trzeciak, Timothy Shimeall, and Lori Flynn. "Common Sense Guide to Mitigating Insider Threats, Fourth Edition." (Technical Report CMU/SEI-2012-TR-012). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Dec. 2012. https://doi.org/10.1184/R1/6572639.v1. Accessed 21 May. 2024.

Silowash, George; Cappelli, Dawn; Moore, Andrew; Trzeciak, Randall; Shimeall, Timothy; & Flynn, Lori. Common Sense Guide to Mitigating Insider Threats, Fourth Edition. CMU/SEI-2012-TR-012. Software Engineering Institute. 2012. https://doi.org/10.1184/R1/6572639.v1