search menu icon-carat-right cmu-wordmark

CERT Releases Updated Insider Threat Guidebook

CERT Releases Updated Insider Threat Guidebook
Press Release

Common Sense Guide to Mitigating Insider Threats, 5th ed., Now Available

Learn more about the Guide and meet the authors at RSA Conference 2017 on Monday, Feb. 13, at 6 p.m. PST in South Hall booth S2627.

Pittsburgh, Pa., February 8, 2017—The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University today announced the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which is available for download on the SEI website. The Guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.

“The new edition of the Guide comes at critical time for organizations developing insider threat programs,” said Randy Trzeciak, technical manager of the CERT Insider Threat Center. “The insider threat landscape has changed considerably since the previous edition, especially with new directives that government and government-contractor organizations must follow.”

Updates to the Guide reflect the movement of government and private organizations to-ward the startup of insider threat programs. Changes include:

  • reordering of best practices to better align with the development of insider threat programs
  • recognizing the threat posed by non-malicious (accidental) insiders
  • significant updates to best practices
  • one new practice
  • new case studies for each best practice

This edition also focuses on six groups within an organization—Human Resources, Legal, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps the relevant groups to each practice.

The threat of attack from insiders is real and substantial. The 2016 U.S. State of Cyber-crime Survey, sponsored by the CERT Insider Threat Center, United States Secret Ser-vice, CSO Magazine, and PWC, found 27% of electronic crime events were suspected or known to be caused by insiders. The survey also revealed that 30% of the respondents thought that damage caused by insider attacks was more severe than damage from out-sider attacks.

“The Guide lays out the practices that organizations should consider in identifying their critical assets and protecting them from malicious and unintentional insider threats,” said Trzeciak. “It’s the first step an organization should take in a continuum that includes pro-gram building, manager and staff training, and organizational insider threat assessments.

To download the Guide, go to the SEI website at

For more information about the CERT Insider Threat Center, see, or contact

About the Carnegie Mellon University Software Engineering Institute
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at The CERT Cybersecurity Division of the SEI is the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit