
Common Sense Guide to Mitigating Insider Threats, Seventh Edition

White Paper
The guide describes 22 best practices for mitigating insider threat based on the CERT Division's continued research and analysis of more than 3,000 insider threat cases.

Software Engineering Institute


This seventh edition of the Common Sense Guide to Mitigating Insider Threats provides the SEI’s most current recommendations for mitigating insider threats and managing insider risk. These evidence-based recommendations draw on empirical research and analysis of 3,000 cases of insider threat.

Misuse of authorized access to an organization’s critical assets is a significant and complex threat that requires a coordinated, proactive, enterprise-wide effort to sufficiently address. This guide describes 22 actionable best practices that organizations can use to mitigate insider threat. Each best practice includes strategies and tactics for quick wins and high-impact solutions, mitigations to minimize implementation challenges and roadblocks, and mappings to notable and relevant security and privacy standards. Each best practice also provides resources for relevant stakeholders: Management, Human Resources, Legal Counsel, Physical Security, Information Technology, Information Security, Data Owners, and Software Engineers.

Supplemental Materials
