Common Sense Guide to Mitigating Insider Threats, Sixth Edition
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2018-TR-010DOI (Digital Object Identifier)
10.1184/R1/12363665.v1Topic or Tag
Abstract
This sixth edition of the Common Sense Guide to Mitigating Insider Threats provides the current recommendations of the CERT Division (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded corpus of more than 1,500 insider threat cases and continued research and analysis. It introduces the topic of insider threats, describes its intended audience, outlines changes for this edition, defines insider threats, and outlines current trends. The guide then describes 21 practices that organizations should implement to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes challenges to implementation, quick wins, and high-impact solutions for small and large organizations. This edition also focuses on six groups within an organization—Human Resources, Legal Counsel, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps relevant groups to each practice. The appendices provide a list of information security best practices, a mapping of the guide’s practices to established security standards, a breakdown of the practices by organizational group, and checklists of activities for each practice.
Part of a Collection
Insider Threats During Pandemic Conditions
Cite This Technical Report
Theis, M., Trzeciak, R., Costa, D., Moore, A., Miller, S., Cassidy, T., & Claycomb, W. (2019, February 27). Common Sense Guide to Mitigating Insider Threats, Sixth Edition. (Technical Report CMU/SEI-2018-TR-010). Retrieved October 12, 2024, from https://doi.org/10.1184/R1/12363665.v1.
@techreport{theis_2019,
author={Theis, Michael and Trzeciak, Randall and Costa, Daniel and Moore, Andrew and Miller, Sarah and Cassidy, Tracy and Claycomb, William},
title={Common Sense Guide to Mitigating Insider Threats, Sixth Edition},
month={Feb},
year={2019},
number={CMU/SEI-2018-TR-010},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12363665.v1},
note={Accessed: 2024-Oct-12}
}
Theis, Michael, Randall Trzeciak, Daniel Costa, Andrew Moore, Sarah Miller, Tracy Cassidy, and William Claycomb. "Common Sense Guide to Mitigating Insider Threats, Sixth Edition." (CMU/SEI-2018-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, February 27, 2019. https://doi.org/10.1184/R1/12363665.v1.
M. Theis, R. Trzeciak, D. Costa, A. Moore, S. Miller, T. Cassidy, and W. Claycomb, "Common Sense Guide to Mitigating Insider Threats, Sixth Edition," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2018-TR-010, 27-Feb-2019 [Online]. Available: https://doi.org/10.1184/R1/12363665.v1. [Accessed: 12-Oct-2024].
Theis, Michael, Randall Trzeciak, Daniel Costa, Andrew Moore, Sarah Miller, Tracy Cassidy, and William Claycomb. "Common Sense Guide to Mitigating Insider Threats, Sixth Edition." (Technical Report CMU/SEI-2018-TR-010). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 27 Feb. 2019. https://doi.org/10.1184/R1/12363665.v1. Accessed 12 Oct. 2024.
Theis, Michael; Trzeciak, Randall; Costa, Daniel; Moore, Andrew; Miller, Sarah; Cassidy, Tracy; & Claycomb, William. Common Sense Guide to Mitigating Insider Threats, Sixth Edition. CMU/SEI-2018-TR-010. Software Engineering Institute. 2019. https://doi.org/10.1184/R1/12363665.v1