Carnegie Mellon University
Browse
Common Sense Guide to Mitigating Insider Threats, Sixth Edition.pdf (2.35 MB)

Common Sense Guide to Mitigating Insider Threats, Sixth Edition

Download (2.35 MB)
report
posted on 2020-09-15, 19:21 authored by Michael TheisMichael Theis, Randall F. Trzeciak, Daniel L. Costa, Andrew P. Moore, Sarah Miller, Tracy Cassidy, William R. Claycomb
This sixth edition of the Common Sense Guide to Mitigating Insider Threats provides the current recommendations of the CERT Division (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded corpus of more than 1,500 insider threat cases and continued research and analysis. It introduces the topic of insider threats, describes its intended audience, outlines changes for this edition, defines insider threats, and outlines current trends. The guide then describes 21 practices that organizations should implement to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes challenges to implementation, quick wins, and high-impact solutions for small and large organizations. This edition also focuses on six groups within an organization - Human Resources, Legal Counsel, Physical Security, Data Owners, Information Technology, and Software Engineering - and maps relevant groups to each practice. The appendices provide a list of information security best practices, a mapping of the guide’s practices to established security standards, a breakdown of the practices by organizational group, and checklists of activities for each practice.

History

Publisher Statement

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Date

2019-02-28

Copyright Statement

Copyright 2018 Carnegie Mellon University. All Rights Reserved.

Usage metrics

    Categories

    Keywords

    Cyber Risk and Resilience ManagementInsider ThreatsCERT

    Licence

    In Copyright

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC