Insider Threat Security Reference Architecture

The Insider Threat Security Reference Architecture (ITSRA) provides an enterprise-wide solution to insider threat. The architecture consists of four security layers: Business, Information, Data, and Application. Organizations should deploy and enforce controls at each layer to address insider attacks. None of the layers function in isolation or independently of other layers. Rather, the correlation of indicators and application of controls across all four layers form the crux of this approach. Empirical data consisting of more than 700 cases of insider crimes show that insider attacks proved successful in inflicting damage when an organization failed to implement adequate controls in any of three security principles: authorized access, acceptable use, and continuous monitoring. The ITSRA draws from existing best practices and standards as well as from analysis of these cases to provide actionable guidance for organizations to improve their posture against the insider threat.

PDF [609 KB]

Authors

Joji Montelibano

Andrew P. Moore

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2012-TR-007
April 2012

Cite This Report

SEI:

Montelibano, Joji; & Moore, Andrew. Insider Threat Security Reference Architecture (CMU/SEI-2012-TR-007). Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

IEEE:

J. Montelibano, and A. Moore, "Insider Threat Security Reference Architecture," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2012-TR-007, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

APA:

Montelibano, J., & Moore, A. (2012). Insider Threat Security Reference Architecture (CMU/SEI-2012-TR-007). Retrieved June 19, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

CHI:

Montelibano, Joji, and Andrew Moore. Insider Threat Security Reference Architecture (CMU/SEI-2012-TR-007). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

MLA:

Montelibano, J., & Moore, A. 2012. Insider Threat Security Reference Architecture (Technical Report CMU/SEI-2012-TR-007). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.