CERT Guide to Insider Threats Named to Cybersecurity Canon


April 6, 2016—Palo Alto Networks has announced that the CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes will be inducted into the Cybersecurity Canon in 2016. The book was published by Addison-Wesley Professional in 2012. Two SEI CERT Division researchers, Randall Trzeciak and Andrew Moore, who coauthored the book with Dawn Cappelli, were recognized for their contributions to the field at the Ignite 2016 Cybersecurity Conference on April 4 in Las Vegas, Nevada.

Palo Alto Networks created the canon “to identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”

Since 2001, the CERT Insider Threat Center has collected and analyzed information about hundreds of insider cybercrimes, ranging from national security espionage to theft of trade secrets. The CERT Guide to Insider Threats describes CERT's findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.

“What makes the book valuable is that it is backed up with real data,” noted Palo Alto Networks’ Chief Security Officer Rick Howard. “After analyzing some 700 cases, the authors can make reasonable assertions about what might work. The epiphany for me was that the bulk of the recommendations do not fall within the technical realm. More than half fall into the administrative side, which may be why detecting the insider threat is so hard.”

“We are truly honored by this induction into the Cybersecurity Canon,” said Trzeciak, technical manager of the SEI CERT Division’s Enterprise Threat and Vulnerability Management Team and the CERT Insider Threat Center, “and we are extremely pleased with the impact our work has had across the DoD, federal government, industry around the globe, and academia.”

Moore, lead researcher at the CERT Insider Threat Center, noted, “The book was the result of years of research by staff at CERT and our organizational partners dedicated to helping organizations understand and mitigate the risk of insider threat. Thanks to everyone who contributed to the research, to the Software Engineering Institute for their support, and to Palo Alto Networks for creating the canon and hosting the event.”

To learn more about the CERT Division’s work on insider threat, visit