search menu icon-carat-right cmu-wordmark

Common Sense Guide to Mitigating Insider Threats, Sixth Edition

Technical Report
The guide presents recommendations for mitigating insider threat based on the CERT Division's continued research and analysis of more than 1,500 insider threat cases.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2018-TR-010
DOI (Digital Object Identifier)
10.1184/R1/12363665.v1

Abstract

This sixth edition of the Common Sense Guide to Mitigating Insider Threats provides the current recommendations of the CERT Division (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded corpus of more than 1,500 insider threat cases and continued research and analysis. It introduces the topic of insider threats, describes its intended audience, outlines changes for this edition, defines insider threats, and outlines current trends. The guide then describes 21 practices that organizations should implement to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes challenges to implementation, quick wins, and high-impact solutions for small and large organizations. This edition also focuses on six groups within an organization—Human Resources, Legal Counsel, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps relevant groups to each practice. The appendices provide a list of information security best practices, a mapping of the guide’s practices to established security standards, a breakdown of the practices by organizational group, and checklists of activities for each practice.

Cite This Technical Report

Theis, M., Trzeciak, R., Costa, D., Moore, A., Miller, S., Cassidy, T., & Claycomb, W. (2019, February 27). Common Sense Guide to Mitigating Insider Threats, Sixth Edition. (Technical Report CMU/SEI-2018-TR-010). Retrieved December 2, 2023, from https://doi.org/10.1184/R1/12363665.v1.

@techreport{theis_2019,
author={Theis, Michael and Trzeciak, Randall and Costa, Daniel and Moore, Andrew and Miller, Sarah and Cassidy, Tracy and Claycomb, William},
title={Common Sense Guide to Mitigating Insider Threats, Sixth Edition},
month={Feb},
year={2019},
number={CMU/SEI-2018-TR-010},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12363665.v1},
note={Accessed: 2023-Dec-2}
}

Theis, Michael, Randall Trzeciak, Daniel Costa, Andrew Moore, Sarah Miller, Tracy Cassidy, and William Claycomb. "Common Sense Guide to Mitigating Insider Threats, Sixth Edition." (CMU/SEI-2018-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, February 27, 2019. https://doi.org/10.1184/R1/12363665.v1.

M. Theis, R. Trzeciak, D. Costa, A. Moore, S. Miller, T. Cassidy, and W. Claycomb, "Common Sense Guide to Mitigating Insider Threats, Sixth Edition," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2018-TR-010, 27-Feb-2019 [Online]. Available: https://doi.org/10.1184/R1/12363665.v1. [Accessed: 2-Dec-2023].

Theis, Michael, Randall Trzeciak, Daniel Costa, Andrew Moore, Sarah Miller, Tracy Cassidy, and William Claycomb. "Common Sense Guide to Mitigating Insider Threats, Sixth Edition." (Technical Report CMU/SEI-2018-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 27 Feb. 2019. https://doi.org/10.1184/R1/12363665.v1. Accessed 2 Dec. 2023.

Theis, Michael; Trzeciak, Randall; Costa, Daniel; Moore, Andrew; Miller, Sarah; Cassidy, Tracy; & Claycomb, William. Common Sense Guide to Mitigating Insider Threats, Sixth Edition. CMU/SEI-2018-TR-010. Software Engineering Institute. 2019. https://doi.org/10.1184/R1/12363665.v1