Subject: Insider Threat

The Latest Research from the SEI in DevSecOps, Threat Modeling, and Insider Threat

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in DevSecOps, insider threat, cyber risk and resilience, software assurance, infrastructure as code, software architecture, and threat modeling. These publications highlight the latest work of SEI technologists in these areas. This blog post also presents the latest episode in our podcast series highlighting the work of...

Technical Detection of Intended Violence: Workplace Violence as an Insider Threat

• SEI Blog
Tracy Cassidy

The threat of insiders causing physical harm to fellow employees or themselves at an organization is real. In 2015 and 2016 alone, there were shootings in the U.S. by current or former employees in various workplaces, including at a television station in Virginia, a mowing equipment manufacturer in Kansas, an Air Force base in Texas, a transportation company in Texas, and a supermarket in Pennsylvania. These incidents resulted in seven fatalities and an additional 17...

Cyber Warfare, Technical Debt, Network Border Protection, and Insider Threat: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in cyber warfare, emerging technologies and their risks, domain name system blocking to disrupt malware, best practices in network border protection, robotics, technical debt, and insider threat and workplace violence. These publications highlight the latest work of SEI technologists in these areas. This post includes a...

5 Best Practices to Prevent Insider Threat

• SEI Blog
Randy Trzeciak

Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center--theft of intellectual property, sabotage, fraud, and espionage--continue to hold true. In our work with public and private industry, we continue to...

Machine Learning and Insider Threat

• SEI Blog
Daniel Costa

As organizations' critical assets have become digitized and access to information has increased, the nature and severity of threats has changed. Organizations' own personnel--insiders--now have greater ability than ever before to misuse their access to critical organizational assets. Insiders know where critical assets are, what is important, and what is valuable. Their organizations have given them authorized access to these assets and the means to compromise the confidentiality, availability, or integrity of data. As organizations...

Three Practice Areas for Using Positive Incentives to Reduce Insider Threat

• SEI Blog
Andrew Moore

In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In contrast, this blog post highlights results from...

Modeling and Simulation in Insider Threat

• SEI Blog
Andrew Moore

A 2016 study on cybersecurity and digital trust found that 69 percent of organizations surveyed experienced an attempted or successful theft or corruption of data by insiders in the last 12 months. Despite the impact of insider threat--and continued mandates that government agencies and their contractors put insider threat programs in place--a number of organizations still have not implemented them. Moreover, the programs that have been implemented often have serious deficiencies. One impediment to organizations...

Top 10 Insider Threat Posts

• SEI Blog
Greg Shannon

For two consecutive years, organizations reported that insider crimes caused comparable damage (34 percent) to external attacks (31 percent), according to a recent cybercrime report co-sponsored by the CERT Division at the Carnegie Mellon University Software Engineering Institute. Despite this near parity, media reports of attacks often focus on external attacks and their aftermath, yet an attack can be equally or even more devastating when carried out from within an organization. Insider threats are influenced...

Software Assurance, Social Networking Tools, Insider Threat, and Risk Analysis--The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in software assurance, social networking tools, insider threat, and the Security Engineering Risk Analysis Framework (SERA). This post includes a listing of each report, author(s), and links where the published reports can be accessed on the...

Designing Insider Threat Programs

• SEI Blog
Andrew Moore

Insider threat is the threat to an organization's critical assets posed by trusted individuals - including employees, contractors, and business partners - authorized to use the organization's information technology systems. Insider threat programs within an organization help to manage the risks due to these threats through specific prevention, detection, and response practices and technologies. The National Industrial Security Program Operating Manual (NISPOM), which provides baseline standards for the protection of classified information, is considering proposed changes...

The Latest Published Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in assuring software reliability, future architectures, Agile software teams, insider threat, and HTML5. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in cybersecurity risks, software assurance, advanced persistent threat, international insider threat, Wireless Emergency Alerts Service, security and survivability, and acquisition....

Unintentional Insider Threat and Social Engineering

• SEI Blog
David Mundie

Social engineering involves the manipulation of individuals to get them to unwittingly perform actions that cause harm or increase the probability of causing future harm, which we call "unintentional insider threat." This blog post highlights recent research that aims to add to the body of knowledge about the factors that lead to unintentional insider threat (UIT) and about how organizations in industry and government can protect themselves....

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in systems of systems integration from an architectural perspective, unintentional insider threat that derives from social engineering, identifying physical security gaps in international mail processing centers and similar facilities, countermeasures used by cloud service providers, the...

2013: The Research Year in Review

• SEI Blog
Douglas C. Schmidt

As part of our mission to advance the practice of software engineering and cybersecurity through research and technology transition, our work focuses on ensuring that software-reliant systems are developed and operated with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development activities involving the Department of Defense (DoD), federal agencies, industry, and academia. As we look back on 2013, this blog posting highlights our many R&D accomplishments...

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. Three of these reports highlight the latest work of SEI technologists on insider threat in international contexts, unintentional insider threats, and attributes and mitigation strategies. The last report provides the results of several exploratory research initiatives conducted by SEI staff in fiscal year 2012. This...

A Multi-Dimensional Approach to Insider Threat

• SEI Blog
David Mundie

Researchers on the CERT Division's insider threat team have presented several of the 26 patterns identified by analyzing our insider threat database, which is based on examinations of more than 700 insider threat cases and interviews with the United States Secret Service, victims' organizations, and convicted felons. Through our analysis, we identified more than 100 categories of weaknesses in systems, processes, people, or technologies that allowed insider threats to occur. One aspect of our research...

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in quantifying expert judgment, insider threat, detecting and preventing data exfiltration, and developing a common vocabulary for malware analysts. This post includes a listing of each report, author(s), and links where the published reports can be...

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

Enabling and Measuring Early Detection of Insider Threats

• SEI Blog
Dr. Bill Claycomb

Sabotage of IT systems by employees (the so-called "inside threat") is a serious problem facing many companies today. Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization's resources or products. Previous blog postings on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation...

Effectiveness of a Pattern for Preventing Theft by Insiders

• SEI Blog
Andrew Moore

Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims' organizations, and convicted felons. Among the more than 700 insider threat cases that we've documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused...

New SIEM Signature Developed to Address Insider Threats

• SEI Blog
Randy Trzeciak

According to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, researchers at the CERT Insider Threat Center have documented incidents related to malicious insider activity. Their sources include media reports, the courts, the United States...

Developing Controls to Prevent Theft of Intellectual Property

• SEI Blog
Randy Trzeciak

According to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, CERT Insider Threat researchers have collected incidents related to malicious activity by insiders obtained from a number of sources, including media reports, the courts, the...

An Overview of the SEI Technologies Forum

• SEI Blog
Douglas C. Schmidt

We use the SEI Blog to inform you about the latest work at the SEI, so this week I'm summarizing some video presentations recently posted to the SEI website from the SEI Technologies Forum. This virtual event held in late 2011 brought together participants from more than 50 countries to engage with SEI researchers on a sample of our latest work, including cloud computing, insider threat, Agile development, software architecture, security, measurement, process improvement, and...

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in Agile methods, insider threat, the SMART Grid Maturity Model, acquisition, and CMMI. This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website....

Protecting Against Insider Threats with Enterprise Architecture Patterns

• SEI Blog
Andrew Moore

The 2011 CyberSecurity Watch survey revealed that 27 percent of cybersecurity attacks against organizations were caused by disgruntled, greedy, or subversive insiders, employees, or contractors with access to that organization's network systems or data. Of the 607 survey respondents, 43 percent view insider threat attacks as more costly and cited not only a financial loss but also damage to reputation, critical system disruption, and loss of confidential or proprietary information. For the Department of Defense...

Insider Threat: The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

Happy Independence Day from all of us here at the SEI. I'd like to take advantage of this special occasion to keep you apprised of a new technical report from the SEI. It's part of an ongoing effort to keep you informed about the latest work of SEI technologists. This report highlights the latest work of SEI technologists in the field of insider threat. This post includes a listing of the report, authors, and links...
