Pittsburgh, Pa., February 27,
2012— The Carnegie Mellon Software Engineering Institute (SEI) announced
the publication of The CERT Guide to
Insider Threats: How to Prevent, Detect, and Respond to Information Technology
Crimes (Theft, Sabotage, Fraud) by Addison-Wesley Professional. The book
covers the CERT®
Insider Threat Center’s extensive research over the past 10 years collecting
and analyzing information about more than 700 insider cybercrimes, ranging from
national security espionage to theft of trade secrets.
Authors Dawn Cappelli, Andrew Moore, and Randall Trzeciak
systematically address attacks by all types of malicious insiders, including
current and former employees, contractors, business partners, outsourcers, and
even cloud-computing vendors. They cover three major types of insider
cybercrime: IT sabotage, intellectual property theft, and fraud.
Part of the SEI Series in Software Engineering from Addison Wesley, the book offers specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization. “Insider threat is more than just a technical problem,” says Cappelli, technical manager of Enterprise Threat and Vulnerability Management at the CERT Insider Threat Center. “It’s a broad problem across all levels of an organization that involves technical staff as well as operational staff.”
“We believe that the most effective way to address insider threats is not solely by technical controls, it needs to be enterprise-wide,” says Trzeciak, technical team lead of the Insider Threat Research team. “The book shares actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments."
The CERT Insider Threat Center’s 10 years of research is consolidated into nine chapters understandable by technical and non-technical readers alike. The book explains how to
signs of insider IT sabotage, theft of sensitive information, and fraud
threats throughout the software development life cycle
threat controls to resist attacks by both technical and nontechnical
effectiveness of existing technical security tools by enhancing rules,
configurations, and associated business processes
prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground
The CERT Guide to Insider Threats book is available for purchase now at Addison-Wesley’s InformIT website at http://www.informit.com/store/product.aspx?isbn=9780321812575.
About the Carnegie Mellon Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI helps organizations make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Program serves as a center of enterprise and network security research, analysis, and training within the Software Engineering Institute. For more information, visit the CERT website at http://www.cert.org.
Please tell us what you
think with this short
(< 5 minute) survey.