Reports & Papers
Presentations
Books

Webinars
Podcasts
Videos & DVDs

SEI Overview
Director's Message
Vision, Mission, & Strategy

Our Organization
Our People
Year in Review

Overview

News Stories

Announcements

Press Releases

Media Coverage

Media Contact

Media Coverage

Feb 12, 2013

Pittsburgh Tribune-Review: Cyberspace Offers New Frontier to Exploit Weaknesses, Initiate Attacks

The SEI's Marty Lindner lends perspective on the possibility of large-scale cyber attacks directed at the nation's infrastructure. MORE >

Sep 13, 2012

ADM Defence Business: Cyber Summit

Dawn Cappelli, CERT Insider Threat Center, presents the latest CERT insider threat research at the second annual Australian Defence Magazine Cyber Security Summit. MORE >

Jul 2, 2012

SC Magazine: Danger Within: Insider Threat

Dawn Cappelli of CERT says that many organizations are focused on protecting their networks from outside threats, but they don’t have anyone in charge of insider threat mitigation. She says that using a combination of technical and non-technical controls can help organizations greatly increase their chances of mitigating malicious activity. MORE >

Jun 29, 2012

GovInfoSecurity.com: Developing Situational Awareness

CERT senior researcher, Ed Stoner discusses network situational awareness and how this capability can help organizations effectively defend networks from new level of threats and malicious activity. MORE >

Jun 23, 2012

Pittsburgh Business Times: Original Ties to Pitt Threats Led to Suspect

Marty Lindner of CERT discusses how the origin of Internet communications are traced in a story about an FBI investigation of a suspect in the recent bomb threats at the University of Pittsburgh. MORE >

Jun 4, 2012

Slashdot: AMD/ATI Video Drivers Unsafe At Any Speed

Slashdot featured information from a recent CERT vulnerability report and blog post discussing how AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit. MORE >

May 10, 2012

FedTech: Data Loss Prevention: How to Stop Inside Jobs

An article discussing new data loss prevention strategies shares research statistics from the 2011 CyberSecurity Watch Survey done by the CERT Insider Threat team and the Secret Service. MORE >

May 1, 2012

GovInfoSecurity - Insider Threat: Emerging Risks

Dawn Cappelli and Randy Trzeciak of the SEI CERT Insider Threat Center discuss their new book, the CERT Guide to Insider Threats and an emerging trend in which the malicious outsider is taking advantage of an inadvertent insider. MORE >

Mar 13, 2012

AOL Defense: Storm Clouds: The Coming Turf Wars Over Cloud Computing

Terry Roberts, executive director of the Acquisition Support Program (ASP)/Interagency and Cyber at the SEI talks with AOL Defense about how the entire intel community can benefit can benefit from intelligence agencies adopting cloud computing. MORE >

Mar 13, 2012

NextGov: Cloud will Change Intelligence Community's Business Model

Terry Roberts discusses the benefits of a transition to cloud storage and computing within the intelligence community. MORE >

Mar 13, 2012

NextGov: Spies Exchange Tips in the Cloud

Terry Roberts, executive director of the Acquisition Support Program (ASP)/Interagency and Cyber at the SEI discusses how the government can use the cloud to share national security intelligence, collaborate, and cut costs through economies of scale. MORE >

Mar 13, 2012

InformationWeek: 10 Best Ways to Stop Insider Attacks

InformationWeek shares the CERT Insider Threat team’s top 10 tips for battling the insider threat, which include setting up an insider threat prevention program. MORE >

Mar 9, 2012

Supply & Demand Chain: Revolutionary Road of Industry Standards

The SEI is part of the Open Group Trusted Technology Forum which recently shared a snapshot preview of its Open Trusted Technology Provider Standard (O-TTPS) scheduled to be released in Q4 of this year. The open standard for organizational best practices aims to enhance the security of the global supply chain and address the risk of tainted and counterfeit products. MORE >

Mar 9, 2012

Pittsburgh Business Times: CMU Researchers Say In-house Cyber Attacks Most Damaging

CERT researchers Dawn Cappelli, Andy Moore, and Randy Trzeciak recently released the CERT Guide to Insider Threats book which shares findings from the team’s 10 years of research and strategies for dealing with insider threats. MORE >

Mar 5, 2012

eWeek: Insider Security Threats: 10 Tactics to Stop These Data Breaches

eWeek shares the CERT Insider Threat team's top 10 tips for fighting the insider threat, which were presented by Dawn Cappelli at the RSA Conference 2012. MORE >

Mar 3, 2012

InfoQ: SEI Publishes The CERT Guide to Insider Threats Book

InfoQ looks at the new book from the CERT Insider Threat Team, the CERT Guide to Insider Threats, which addresses common threats and countermeasures. MORE >

Mar 2, 2012

BankInfoSecurity: 10 Tips to Fight Insider Fraud

Dawn Cappelli shares the top 10 tips for fighting the insider threat and discusses the new CERT Guide to Insider Threats book. MORE >

Feb 21, 2012

BankInfoSecurity: The Book on Insider Threats

CERT researchers Dawn Cappelli and Randy Trzeciak discuss their new book, The CERT Guide to Insider Threats. They discuss the evolution of the insider threat, key trends to watch in 2012, and advice on how organizations can protect themselves. MORE >

Feb 10, 2012

SecurityManagement.com: Security as a Governance Concern

An article about effective enterprise security governance discusses a recent SEI research report that shares six factors that indicate an organization is addressing security as a governance concern. MORE >

Jan 18, 2012

Excellence in Search An Interview with David Chaiken

IEEE Software associate editor John Favaro interviewed search engine giant Yahoo's chief architect David Chaiken about algorithms and today's practitioner. In the article, Chaiken mentions his keynote speech given at the SEI's SATURN 2011 conference. MORE >

Jan 5, 2012

Pittsburgh Post-Gazette: Smartphones and Seemingly Safe Sites May be More Vulnerable in 2012

CERT Vulnerability Analyst, Art Manion, emphasizes the growing importance for individuals and organizations to protect themselves against cyber attacks as we all get more connected. MORE >

Dec 27, 2011

SearchSecurity.com: Employee Profiling: A Proactive Defense Against Insider Threats

In a discussion about insider crimes, SearchSecurity.com shares research from the CERT Program’s Insider Threat Center on different types of insider crimes and profiles of various types of malicious insiders. MORE >

Dec 22, 2011

Christian Science Monitor: Bradley Manning Case Signals US Vulnerability to 'Insider' Cyberattack

Dawn Cappelli discusses how insider attacks are a consistent threat for many organizations and shares different types of insider attacks and what can be done to mitigate them. MORE >

Dec 20, 2011

Quality Digest: Linking Quality Management and Risk Management

Quality Digest discusses risk and quality management and notes that the Consortium for IT Software Quality (CISQ), an independent organization founded by the SEI, and the Object Management Group (OMG), has defined five major desirable characteristics needed for a piece of software to provide business value: reliability, efficiency, security, maintainability and (adequate) size. MORE >

Dec 13, 2011

InfoQ: Rick Kazman on Evaluating Software Architectures

SEI Visiting Scientist, Rick Kazman discusses the significance of evaluating software architectures, emerging trends, and how to perform architecture evaluations in Agile and Lean software development organizations. MORE >

Dec 8, 2011

ComputerWorld: Java Apps Have Most Flaws, Cobol Apps the Least, Study Finds

Ipek Ozkaya, a senior member of the technical staff, discusses the subject of technical debt, the cost of repairing each line of code in software, and the work the SEI has been doing to provide guidance in this area. MORE >

Dec 7, 2011

HSToday.com: Experts Largely Embrace Quasi-Govt Organization Proposed by Cybersecurity Bill

Dr. Greg Shannon testified before a House committee regarding cybersecurity information-sharing legislation that would stand up a public-private entity known as the National Information-Sharing Organization (NISO), which would provide the private sector with classified and unclassified information on cyber threats while the federal government would receive vital data on cyber attacks against corporations. MORE >

Dec 6, 2011

Government Computer News: Congress Mulls Clearinghouse for Sharing Cyber Threat Info

Dr. Greg Shannon, chief scientist for the SEI's CERT Program, testified before the House Committee on Homeland Security about a draft legislation that would create a quasi-governmental National Information Sharing Organization that would serve as a clearinghouse for cybersecurity and threat information shared between government and the private sector. MORE >

Dec 6, 2011

SYS-CON.com: US Cyber Command Conducts Tactical Cyber Exercise

XNET, a cybersecurity training and simulation platform developed by CERT was used to train 300 cyber and IT professionals during the U.S. Cyber Command first major tactical cyber exercise called Cyber Flag 12-1. MORE >

Dec 6, 2011

HCPro.com: Consider the Threats "Insiders" Pose to Your Security

Randy Trzeciak, technical team lead of the Insider Threat Research Group within the CERT Program, spoke to healthcare professionals emphasizing the importance of paying attention to the threat that comes from those inside the organization. MORE >

Nov 21, 2011

HSToday: DHS Selects OTA to Provide Training to Government Employees

The Online Trusts Alliance (OTA) was awarded a contract to offer training on email authentication for all US government agencies and organizations. OTA has created a curriculum that is being delivered through the CERT Program at the Carnegie Mellon University Software Engineering Institute (SEI) to the Department of Homeland Security (DHS) for online delivery to federal employees. MORE >

Nov 18, 2011

DatabaseJournal.com: Thoughts on Improving DBA Productivity

Database administrators are encouraged to be more productive and continuously improve quality measures and processes. The SEI’s Capability Maturity Model Integration (CMMI) is a source that can be used to impose organizational structure on software development processes and, by extension, infrastructure support processes such as database administration. MORE >

Oct 28, 2011

Bank Info Security: Insider Threat 30-Day Warning

Research from the SEI CERT program insider threat team finds that much theft of intellectual property occurs within 30 days of the insider's last day on the job. MORE >

Sep 30, 2011

Pittsburgh Business Times: Carnegie Mellon University Team Trains Utilities on Implementing Smart Grid

The Pittsburgh Business Times discusses how the Smart Grid Maturity Model is helping utilities on their smart grid journey. MORE >

Sep 29, 2011

Health Data Management: Information Insecurity, Inside Edition

Randy Trzeciak, Technical Team Lead of Insider Threat Outreach and Transition at CERT, shares guidelines that organizations should follow to protect themselves from insider threats. MORE >

Sep 16, 2011

The NCFTA: Combining Forces to Fight Cyber Crime

The FBI says that its National Cyber Forensics and Training Alliance (NCFTA), a forward-looking organization established to proactively address the issue of cyber crime, draws its intelligence from hundreds of private-sector members including the SEI's CERT program. MORE >

Sep 16, 2011

CIO Insight: UBS Rogue Trader: An Enterprise Security Wake-Up Call

In his testimony at a House Financial Services Financial Institutions and Consumer Credit subcommittee hearing on Sept. 14, Gregory Shannon, chief scientist at CERT, noted that damages inflicted on financial firms by managers, sales staff, and other non-technical personnel averaged about $800,000 per organization. MORE >

Sep 15, 2011

eWeek: UBS Rogue Trader Underscores Insider Threats Facing Enterprises

CERT Chief Scientist Greg Shannon testified at a House Financial Services Financial Institutions and Consumer Credit subcommittee hearing on Sept. 14 regarding the continued threat of insider attacks. Shannon said during his testimony that “organizations are ‘building walls’ around the networks to keep malicious perpetrators out, but having difficulty defending against ‘potential menaces that are already on the inside of the fence.’” MORE >

Sep 14, 2011

GovInfoSecurity: A New Approach to IT Security

In a recent podcast interview, Terry Roberts, executive director of the Acquisition Support Program/Interagency and Cyber at the SEI, says cyber intelligence could make significant gains in the coming year. Roberts says pilot projects are underway to determine if methods employed by the 17 federal intelligence agencies could be adapted to safeguard non-classified but sensitive information in the private sector. MORE >

Sep 14, 2011

TMCnet: SEI Updates Smart Grid Maturity Model and Seeks New Partners

The SEI recently released the Smart Grid Maturity Model (SGMM) update at the GridWeek 2011 meeting in Washington, D.C. on September 12 and welcomes more participants to apply to become Partners. MORE >

Sep 14, 2011

NextGov: Cyber Breaches at Financial Firms Increasingly are Inside Jobs

In his recent testimony to a House subcommittee on Financial Services, Financial Institutions, and Consumer Credit, CERT Chief Scientist Greg Shannon said that continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat. MORE >

Sep 8, 2011

Major Breach: Ground Control

CERT’s Jeffrey Carpenter and Robin Ruefle discuss public perception of security breaches and explain the importance of establishing a computer security incident response team. MORE >

Aug 8, 2011

CSO: LulzSec, WikiLeaks, Murdoch: Hacking's Fourth Wave

SEI Director and CEO Paul Nielsen talks with CSO magazine about the evolution of cyber crime and what it means for the defense world, financial world, and our personal world. MORE >

Aug 8, 2011

ZDNet: Cybersecurity: Past, Present and Future

In ZDNet's Patch Monday podcast, Paul Nielsen, director and CEO of the SEI, discusses complexity in software systems, choosing strong passwords, insider threat, prosecuting online crime, and dealing with security issues when the Internet is populated with so many different kinds of devices. MORE >

Aug 4, 2011

AdelaideNow.com: Global Cyber Security Firm to Run Courses in Adelaide

SEI Director and CEO, Paul Nielsen talks about the SEI's plans to offer specialist short courses in cybersecurity and software building at Carnegie Mellon University - Australia beginning in September. MORE >

Aug 1, 2011

Radiology Today: Finding Holes in IT Security — Your Own People May Be the Biggest Risk

Randy Trzeciak, technical team lead for the Insider Threat Outreach and Transition group at CERT, discusses the threat that insiders pose to healthcare organizations as the use of electronic medical records continues to increase. MORE >

Jul 31, 2011

InfoQ: Software Architecture in the Movies

InfoQ.com discusses how watching educational videos, like the SEI's webinars and YouTube videos, can help practitioners stay up-to-date with software architecture. MORE >

Jul 13, 2011

SearchSecurity.in: OCTAVE Risk Assessment Method Examined Up Close

SearchSecurity shares a detailed overview of CERT’s OCTAVE method, which helps organizations identify and assess critical assets and risks. MORE >

Jul 5, 2011

Tri-Village News: Grandview Resident Warns Washington of Cyber-Attacks

Greg Shannon, chief scientist for CERT, testified before the U.S. House Subcommittee on June 24 about the rising number of cyber attacks and the methods the SEI has been developing to counteract the attacks. MORE >

Jul 5, 2011

InfoSecurity.com: Researchers Develop ‘Futures Market’ for Information Security Predictions

CERT Chief Scientist, Greg Shannon is part of a team of researchers developing a pilot “futures market” for predictions of major information security events before they occur. MORE >

Jul 5, 2011

MIT Technology Review: A Futures Market for Computer Security

Greg Shannon, CERT chief scientist, is part of a group of information security researchers from academia, industry, and the U.S. intelligence community collaborating to build a pilot "prediction market" capable of anticipating major information security events before they occur. MORE >

Jul 1, 2011

Pittsburgh Post-Gazette: Laws, Ethics Complicate the Battle for Cybersecurity

CERT’s Marty Lindner comments on the difficulties cybersecurity professionals have in bringing cyber criminals to justice in other countries. MORE >

Jun 20, 2011

InformIT: Leadership, Teamwork, and Trust: An Interview with James W. Over

James Over, manager of the TSP initiative discusses his new book Leadership, Teamwork, and Trust: Building a Competitive Software Capability. MORE >

Jun 8, 2011

MIT Technology Review: U.S. Military, Businesses Seek Better Defenses on the Inside

Joji Montelibano, who leads the CERT insider-threat technical team discusses the prevalence of insider attacks and research his team is doing to help organizations mitigate insider threats. MORE >

Jun 5, 2011

Federal Times: Try an Agile Approach to Software Development

The Federal Times encourages companies to use agile practices and reports on the SEI's research on the use of agile software development. MORE >

Jun 1, 2011

Electroindustry: Smart Grid Maturity Model Promotes Manufacturer-Utility Partnership

David White and Austin Montgomery of the SEI discuss the latest developments with the Smart Grid Maturity Model (SGMM) and how electrical manufacturers are essential to the smart grid vision. MORE >

May 5, 2011

Philadelphia Inquirer: Guarding Against Identity Theft Requires Much Vigilance

Chad Dougherty, leader of the Vulnerability Analysis Team at CERT, shares tips on what technology users can do to guard against identity theft. MORE >

May 1, 2011

POWERGRID International: Explaining the Smart Grid Maturity Model

Austin Montgomery and David White of the Smart Grid Maturity Model (SGMM) team discuss how the SGMM works and how utilities have benefited from using it for their smart grid programs. MORE >

Apr 26, 2011

Forbes.com: CIA Investors Aim To Build A Pseudo-Gambling Market For Data Security Predictions

CERT's Greg Shannon discusses how he and researchers from Verizon and In-Q-Tel are working to use prediction markets to gain foresight into future events in cryptography research, cyber threats, and even data security-related regulation. MORE >

Apr 25, 2011

For the Record: Finding Holes in IT Security

Randy Trzeciak, technical team lead for the Insider Threat Outreach and Transition group, discusses how insiders can pose a substantial security threat in healthcare organizations. MORE >

Apr 22, 2011

SearchSOA.com: Three Legacy Modernization Pitfalls to Avoid

Grace Lewis shares dos and don’ts that can make the journey of SOA-enabling legacy systems easier. MORE >

Apr 22, 2011

SearchSOA.com: The Future of the Mainframe and Web Services

Grace Lewis, senior member of the technical staff at the SEI, discusses SOA-enabling legacy applications, including strategies for migration and modernization and architectural approaches. MORE >

Apr 1, 2011

AUSN: Assuring Information Dominance: What it Will Take

Terry Roberts, SEI executive director, Acquisition Support Program/ Interagency and Cyber, discusses the challenges that the Navy must overcome to maintain its position as a thought leader in the information dominance arena. MORE >

Mar 11, 2011

Smart Grid Today: Carnegie Mellon Takes Smart Grid Maturity Model to Next Level

Smart Grid Maturity Model (SGMM) Program Lead, Austin Montgomery talks with Smart Grid Today about the latest updates, new partners, and future plans for the model. MORE >

Feb 16, 2011

Information Management: We Have Seen the Enemy, and He Works for Us

Information Management discusses the results of the 2011 CyberSecurity Watch Survey conducted in part by the Insider Threat Center at CERT. MORE >

Feb 10, 2011

The New New Internet: Insider Threat Most Costly for Organizations

The New New Internet discusses the results of the 2011 CyberSecurity Watch Survey conducted by the Insider Threat Center at CERT in partnership with CSO magazine. MORE >

Feb 9, 2011

Federal News Radio: Insider cyber threats more costly

Dawn Cappelli of the Insider Threat Center talks with Federal News Radio about the results of the 2011 Cybersecurity Watch Survey. MORE >

Feb 3, 2011

CSO Magazine: Insider Attacks Costly, but There's a Silver Lining

Joji Montelibano, of the CERT Insider Threat Center, discusses the results of the 2011 Cybersecurity Watch Survey with CSO magazine. MORE >

Jan 18, 2011

Computerword: Security Fail: When Trusted IT People Go Bad

Dawn Cappelli, technical manager of CERT's threat and incident management team, shares common security mistakes companies make and how they can better protect themselves against malicious insiders. MORE >

Jan 9, 2011

Healthcare IT News: Interoperability Gives UPMC a Leg up on Meaningful Use

An SEI study on electronic medical records, commissioned by the University of Pittsburgh Medical Center (UPMC), has allowed UPMC to create a unified and connected patient record. MORE >

Jan 5, 2011

Yahoo! News: Software Engineer is the Hottest Job in 2011 Survey

Ranking pay, stress levels, physical toll and other factors for 200 professions, website CareerCast says software engineer is the best job in the world. MORE >

Dec 1, 2010

Automation World: ABB Product Architecture Supports Usability

Automation World reports on work done by Len Bass, Senior Member of the Technical Staff, Len Bass, in conjunction with ABB Corporate Research, to build usability features into software architecture. MORE >

Nov 5, 2010

Bank Info Security: Incident Response: Drafting the Team

CERT's Georgia Killcrece discusses the importance of creating an incident response team and the necessary skills incident response team members should have. MORE >

Nov 3, 2010

Bank Info Security: Incident Response Career Trends

In the second part of a two-part discussion of incident response trends for 2011, Georgia Killcrece discusses skills needed today in incident response and how professionals can attain or refine those skills. MORE >

Nov 3, 2010

Bank Info Security: Incident Response Trends for 2011

In the first part of a two-part discussion of incident response trends for 2011, Georgia Killcrece discusses what incident response truly means in today's context and top incident handling and management trends for 2011. MORE >

Oct 29, 2010

Should Code be Released?

Scott A. Hissam, a senior member of the technical staff, discusses both perspectives of the debate about complete disclosure of computer code in the research review process with Communications of the ACM. MORE >

Sep 27, 2010

Fight Insider Threats with the Tools you Already Have

CERT's Michael Hanley and Dawn Cappelli offer tips and best practices for preventing and identifying malicious insider activity in a Network World story. MORE >

Sep 2, 2010

What Security can Learn From the $15M Sprint Employee Breach

Randall Trzeciak, Insider Threat Team Lead CERT, discusses best practices for preventing and detecting insider threats with CSO magazine. MORE >

Aug 4, 2010

Understanding the Insider Threat

CERT's Dawn Cappelli outlines three different types of intentional insider threats - IT sabotage, fraud and intellectual property theft. MORE >

Aug 2, 2010

The Barbarians are Already Inside the Gates: Mitigating Insider Threats

CERT's Dawn Cappelli talks about how insider attacks continue to be seen as a bigger problem than security breaches and attacks that come from outside an organization. MORE >

Jul 8, 2010

Database Admin Gets 12 Months For Hacking Employer

InformationWeek shared data from a study conducted by the U.S. Secret Service and the SEI CERT Insider Threat team. MORE >

Jul 2, 2010

Looking to Better Manage Insider Security Risks? Try Compliance

SearchCompliance.com shares statistics on insider threats from the 2010 e-Crime Watch Survey developed by CERT in partnership with with the U.S. Secret Service and CSO magazine. MORE >

Jun 30, 2010

Carnegie Mellon Contracted for Software R&D

Defense Industry Daily reports that the U.S. Government has renewed its contract with the SEI for a 4th time. MORE >

Jun 30, 2010

Federal Funding Renewed for Software Engineering Institute

The Pittsburgh Post-Gazette reports on the SEI's contract renewal with the U.S. Department of Defense. MORE >

Jun 30, 2010

Software Engineering Institute Contract Renewed

eWeek reports on the SEI's contract renewal with the Department of Defense. MORE >

Jun 18, 2010

Watts Humphrey Shares his Reflections on Management

SEI Fellow, Watts Humphrey discusses how the SEI Team Software Process (TSP) guides developers and their managers in creating effective plans that lead to quality software. MORE >

Jun 18, 2010

An Interview with Watts Humphrey

SEI Fellow Watts Humphrey talks to InformIT about how joining the SEI became his commitment to change the world of software. MORE >

Jun 11, 2010

Answers Sought After iPad Privacy Breaches

CERT technical manager, Jeffrey Carpenter, discusses how cyber attacks have changed over the last several years. MORE >

May 30, 2010

SecureLive Startup Protects Websites, Reports Hackers

SEI CERT vulnerability specialist, Chad Dougherty, comments on the ways in which developers are helping websites protect themselves from hackers who seek to exploit vulnerabilities in software. MORE >

May 27, 2010

CERT Releases Basic Fuzzing Framework

Slashdot.org reports on the SEI CERT's release of a new fuzzing framework to help identify and eliminate security vulnerabilities from software products. MORE >

May 4, 2010

New Twist on Insider Crimes

Andrew Moore, a senior member of the CERT technical staff, discusses insider crimes committed by trusted business partners and how companies can protect themselves. MORE >

Apr 16, 2010

Reflections on Management Book Review

Mike Riley reviews Watts Humphrey's book Reflections on Management on the Dr. Dobb's Journal blog. MORE >

Apr 12, 2010

Insider Threat - No Industry is Safe

Dawn Cappelli says that fraud cases are not abating and shares tips on how companies can protect themselves against malicious insiders. MORE >

Apr 6, 2010

Detecting Malicious Insiders Before Data Breaches Damage Your Business

Technical manager of CERT’s Threat and Incident Management team, Dawn Cappelli, discusses how to understand who malicious insiders are and what drives them. MORE >

Apr 1, 2010

Insider Threat - Your Greatest Risks

Dawn Cappelli, technical manager of SEI CERT’s Threat and Incident Management team and technical lead of CERT’s insider threat research, discusses insider threat trends and steps organizations can take to reduce risk. MORE >

Mar 30, 2010

How to Prevent Identity Theft in Your Business

Lawrence R. Rogers, senior member of the technical staff, CERT, shares tips on how businesses can keep private information secure. MORE >

Mar 11, 2010

HSBC's Massive Breach Is Just The Latest Example Of Big Finance Getting Broadsided

Dawn Cappelli, technical manager of CERT’s Threat and Incident Management team and technical lead of CERT’s insider threat research, comments on the risks and detection of insider attacks. MORE >

Mar 5, 2010

Is Chasing Cybercrooks Worth It?

Marty Lindner, principal engineer, CERT, comments on the difficulty of tracking down and prosecuting cyber-criminals. MORE >

Mar 4, 2010

Thin Line Separates the good Hackers from the Bad

Marty Lindner from CERT explains "hacker" communities and economy. MORE >

Dec 26, 2009

Hijacked Facebook Accounts Pose Threat of ID Theft

CERT principal engineer, Marty Lindner, discusses security risks associated with social networking sites. MORE >

Dec 1, 2009

New Hires and the Facebook Effect

Dawn Cappelli comments on the security risk from low-level employees who are recruited by outsiders to steal or manipulate information. MORE >

Sep 14, 2009

Testimony to the U.S. Senate Homeland Security and Governmental Affairs Committee

Michael P. Merritt, assistant director, U.S. Secret Service, testifies to the US Senate about cybercrime, computer forensics, and the U.S. Secret Service's preparation of agents and teams to address these issues, including the Secret Service CERT Liaison Program, which provides technical support and education. MORE >

Sep 3, 2009

New York Times: Keeping That New PC Clean and Pure

CERT vulnerability analyst Chad Dougherty suggests some ways to help keep your new computer free from malware and viruses. MORE >

Sep 3, 2009

DDJ.com: Secure Coding in C and C++

CERT's Robert Seacord points out how coding errors can lead to vulnerabilities that can be exploited. MORE >

May 30, 2009

Pittsburgh Tribune-Review: U.S. Scrambles To Develop Cyber Defenses To Fight Internet Hacking

CERT technical manager Jeff Carpenter discusses a project that includes developing a secure electronic-communication system enabling defense contractors to talk with federal agencies and share information. MORE >

May 26, 2009

InfoQ: Felix Bachmann on Evaluating Software Architecture

Felix Bachmann, a senior member of the technical staff, presented an information seminar on evaluating architecture at SATURN 2009. MORE >

May 16, 2009

The New York Times: Gadgetwise Blog: Is Your PC Security Up to Date?

CERT vulnerability analyst Chad Dougherty tells why it's important to keep software up to date. MORE >

Apr 6, 2009

Bank Info Security: Insider Threat: How to Minimize Risks from Vendors

CERT's Randy Trzeciak is quoted in this article that focuses on protecting critical systems and data. MORE >

Mar 30, 2009

Dr. Dobb's Journal: Software Engineering Institute Conference Set - Architectures at all scales will be explored

This article announces the SATURN 2009 conference to the architecture and design community. MORE >

Mar 24, 2009

PC1News: Insider Threat Workshop To Be Held By CERT This May

Blogger Lauren Gerber writes about the upcoming CERT Insider Threat Workshop. MORE >

Mar 6, 2009

MyTechnologyLawyer Radio Show: Secure-IT 2009 Conference

Listen to CERT's Julia Allen talk about security. MORE >

Mar 5, 2009

Pittsburgh Tribune-Review: Newsmaker - Kelly Kimberland

Kelly Kimberland, the SEI public relations manager, is featured for her professional accomplishments and role with the Public Relations Society of America, Pittsburgh Chapter. MORE >

Nov 6, 2008

Bank Info Security: Tackling the Insider Threat

CERT's Dawn Cappelli provides insight on motives, means, and mitigation strategies. MORE >

Oct 27, 2008

SD Times: LDRA adds CERT C standard to test tools suite

LDRA announces that its entire suite of test tools now supports the security-based CERT C Secure Coding Standard. MORE >

Sep 5, 2008

Pittsburgh Post-Gazette: U.S. Representatives check out research projects at CMU

The congressmen praised the work of the CERT program, which provided training and analysis technology that aided the Secret Service in indicting the alleged masterminds of the largest identity theft case in history earlier this year. MORE >

Sep 5, 2008

Pittsburgh Tribune-Review: CERT helped U.S. crack international ID theft case

Computer forensics experts at the SEI helped the U.S. Secret Service investigate a gang accused of stealing 40 million credit and debit card numbers. MORE >

Sep 4, 2008

KDKA.com: CMU Team Recognized For Helping Crack ID Thefts

CERT researchers receive federal recognition for cracking the biggest identity theft ring in history. MORE >

Sep 4, 2008

ThePittsburghChannel.com: Carnegie Mellon Cyber Security Helps Catch Hackers

The recent U.S. Department of Justice indictment of 11 individuals responsible for the largest identity theft case in history was possible in part to the efforts of the CERT Program. MORE >

Sep 4, 2008

KDKA-TV: CMU Team Recognized For Helping Crack ID Thefts

In this news clip, Congressmen Murtha, Dolye, and Altmire discuss the efforts of the CERT Program regarding the recent U.S. Department of Justice indictment of 11 individuals allegedly responsible for the largest-ever identity theft ring. MORE >

Aug 11, 2008

Washington Post: San Francisco Case Shows Vulnerability Of Data Networks

CERT's Dawn Cappelli is quoted on the dangers of insider threat. MORE >

Jul 31, 2008

ExecutiveBrief.com: Pairing CMMI and Six Sigma for Optimal Results

Jeannine Siviy, a senior member of the technical staff, outlines fool-proof strategies for accelerating process improvement that use both CMMI and Six Sigma. MORE >

Jun 9, 2008

ExecutiveBrief.com: Software Process Improvement Essentials: The Right Mix

Lacking the right mix of resources, quality principle, and buy-in for successful process improvement? Read on… MORE >

May 19, 2008

ITWorld.com: Developing More Secure Software - Getting Started

Julia Allen, a senior member of CERT's technical staff, takes an excerpt from the book Software Security Engineering to outline what project managers responsible for software development need to do. MORE >

May 19, 2008

Pittsburgh Business Times: Protecting Data from Danger

Dawn Cappelli, CERT's insider threat team lead, discusses how insider threats from company employees are becoming increasingly common. CERT's Nick Ianelli is also quoted on emerging malware trends. MORE >

May 19, 2008

Pittsburgh Business Times: Keeping Information Secure Requires Planning, Vigilance

CERT's Julia Allen explains how businesses should plan and prioritize their assets to increase security. MORE >

Apr 28, 2008

Federal Computer Week: Cybersecurity's New World Order

Jeff Carpenter, CERT/CC's technical manager, is quoted in this article. MORE >

Apr 10, 2008

Pittsburgh Tribune-Review: CMU Team Zeros in on Electronic Thieves

Dawn Cappelli, CERT's team lead for insider threat, discusses the insider theft of confidential and sensitive information such as Social Security and credit card numbers, personally identifiable information and industrial espionage and how it is a growing concern to both industry and government. MORE >

Apr 10, 2008

The Register Developer: Old People Can Sabotage Software Too

CERT's Dawn Cappelli discusses the common characteristics of disgruntled employees and their potential risk to their organizations. MORE >

Apr 10, 2008

Computer Weekly: Spot the Warning Signs of Insider Attacks

According to CERT's Dawn Cappelli, insider attacks on corporate information are highly predictable, but nearly half of companies face losses because they ignore the warning signs. MORE >

Mar 20, 2008

Wall Street Journal: What's Your Favorite Security Question?

CERT's Jason Rafail makes recommendations on how to securely manage online passwords. MORE >

Mar 17, 2008

SC Magazine: Adobe, Cisco Advisories Warn of "Critical" Vulnerabilities

CERT vulnerability analyst Will Dormann talks about what the vulnerabilities will do, how to prevent them, and recent trends. MORE >

Mar 10, 2008

NetworkWorld: Security Must Evolve, CERT Official Says

Lisa Young, a senior member of the CERT technical staff, explains how the Resiliency Engineering Framework guides security strategy. MORE >

Feb 29, 2008

Solutions-Daily.com: SMART Ultra-Large-Scale Systems Forum

The SMART Conference, hosted by the SEI to highlight the Institute's research on ultra-large-scale (ULS) systems, is profiled. MORE >

Feb 19, 2008

Dr. Dobb's Journal: Agile CMMI?

This article looks at how agile software development and CMMI work together. MORE >

Feb 19, 2008

InfoWorld: Be Prepared - ActiveX Attacks Will Persist

Will Dormann, a CERT vulnerability analyst, is quoted in this article on the risks created by flaws in technology, poor development practices, and a large user base. MORE >

Jan 31, 2008