Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data

The insider threat continues to be one of the prime issues facing government entities and organizations across critical infrastructure sectors. CERT, part of Carnegie Mellon University's Software Engineering Institute, has used extensive catalogues of case material from actual insider events to create socio-technical models of insider crime that help educate organizations on that risk. Building upon this work, this paper seeks to demonstrate how a method for extracting technical information from previous insider crimes and mapping it to previous modeling work can produce informed candidate technical controls and indicators. This paper also shows current examples of case material and candidate indicators that have been successfully converted into well-received insider threat training modules.

Author

Michael Hanley

This report is related to the following area(s) of work:

Security and Survivability

Technical Note
CMU/SEI-2011-TN-003
January 2011

Cite This Report

SEI:

Hanley, Michael; Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (CMU/SEI-2011-TN-003). Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm

IEEE:

M. Hanley, "Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2011-TN-003, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm

APA:

Hanley, M., (2011). Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (CMU/SEI-2011-TN-003). Retrieved May 21, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm

CHI:

Hanley, Michael, Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (CMU/SEI-2011-TN-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm

MLA:

Hanley, M., 2011. Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (Technical Report CMU/SEI-2011-TN-003). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm
