SEI Blog | Insider Threat

SEI Blog | Insider Threathttp://www.sei.cmu.edu/feeds/topic/Updates on changes and additions to the SEI Blog for posts matching Insider Threaten-usMon, 03 Feb 2025 00:00:00 -0500Introducing the Insider Incident Data Exchange Standard (IIDES)https://www.sei.cmu.edu/blog/introducing-the-insider-incident-data-exchange-standard-iides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCapturing and sharing information about insider incidents is a challenge. This post introduces the Insider Incident Data Exchange Standard (IIDES) schema for insider incident data collection.Austin WhisnantMon, 03 Feb 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/introducing-the-insider-incident-data-exchange-standard-iides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatCyber Risk and Resilience ManagementA Roadmap for Incorporating Positive Deterrence in Insider Risk Managementhttps://www.sei.cmu.edu/blog/a-roadmap-for-incorporating-positive-deterrence-in-insider-risk-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesPositive deterrence reduces insider risk through workforce practices that promote the mutual interests of employees and their organization.Andrew MooreMon, 23 Sep 2024 00:00:00 -0400https://www.sei.cmu.edu/blog/a-roadmap-for-incorporating-positive-deterrence-in-insider-risk-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates10 Lessons in Security Operations and Incident Managementhttps://www.sei.cmu.edu/blog/10-lessons-in-security-operations-and-incident-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post outlines 10 lessons learned from more than three decades of building incident response and security teams throughout the globe.Robin RuefleMon, 04 Mar 2024 00:00:00 -0500https://www.sei.cmu.edu/blog/10-lessons-in-security-operations-and-incident-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCERT Releases 2 Tools to Assess Insider Riskhttps://www.sei.cmu.edu/blog/cert-releases-2-tools-to-assess-insider-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe average insider risk incident costs organizations more than $600,000. To help organizations assess their insider risk programs, the SEI CERT Division has released two tools available for download.Roger BlackMon, 26 Feb 2024 00:00:00 -0500https://www.sei.cmu.edu/blog/cert-releases-2-tools-to-assess-insider-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe 13 Key Elements of an Insider Threat Programhttps://www.sei.cmu.edu/blog/the-13-key-elements-of-an-insider-threat-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCOVID-19 changed the nature of the workplace. In this evolving climate, organizations need to be increasingly vigilant against insider incidents. In this post, we present the 13 key elements of an insider threat program.Dan Costa, Randall TrzeciakMon, 23 Oct 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/the-13-key-elements-of-an-insider-threat-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHow to Mitigate Insider Threats by Learning from Past Incidentshttps://www.sei.cmu.edu/blog/how-to-mitigate-insider-threats-by-learning-from-past-incidents/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post summarizes a new best practice added to the new 7th edition of the Common Sense Guide to Mitigating Insider Threats, "Learn from Past Insider Threat Incidents."Dan CostaMon, 31 Oct 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-mitigate-insider-threats-by-learning-from-past-incidents/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceCyber Risk and Resilience ManagementPotential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programshttps://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to mitigate concerns before the CCPA takes effect.Emily Kessel, Sarah Miller, Carrie GardnerMon, 31 May 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementInsider ThreatBest PracticesBenford's Law: Potential Applications for Insider Threat Detectionhttps://www.sei.cmu.edu/blog/benfords-law-potential-applications-insider-threat-detection/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how a mathematical law may help detect insider activity without the effort of traditional anomaly detection in this informative SEI Blog postEmily KesselThu, 17 Dec 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/benfords-law-potential-applications-insider-threat-detection/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatInsider Threat Incidents: Assets Targeted by Malicious Insidershttps://www.sei.cmu.edu/blog/insider-threat-incidents-assets-targeted-by-malicious-insiders/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post details CERT's new taxonomy for targeted assets in insider threat incidents and highlights their latest findings.Sarah MillerTue, 29 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/insider-threat-incidents-assets-targeted-by-malicious-insiders/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatHighlights from the 7th Annual National Insider Threat Center (NITC) Symposium, Day Onehttps://www.sei.cmu.edu/blog/highlights-from-the-7th-annual-national-insider-threat-center-nitc-symposium-day-one/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post recaps the first day of the National Insider Threat Symposium, covering proactive approaches to reducing insider incidents.Dan Costa, Sarah MillerWed, 23 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/highlights-from-the-7th-annual-national-insider-threat-center-nitc-symposium-day-one/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatInsider Threat Incidents: Communication Channelshttps://www.sei.cmu.edu/blog/insider-threat-incidents-communication-channels/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how to identify risk behaviors and detect insider threats with communication channel monitoring in this informative SEI Blog post.Sarah Miller, Alex PickeringThu, 17 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/insider-threat-incidents-communication-channels/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatInsider Threat Incidents: Most Commonly Affected Deviceshttps://www.sei.cmu.edu/blog/insider-threat-incidents-most-commonly-affected-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the most common devices affected by insider threat incidents and their impact on insider risk management and incident response in this SEI Blog post.Sarah Miller, Alex PickeringThu, 10 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/insider-threat-incidents-most-commonly-affected-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatOrganizational Resilience to Insider Threatshttps://www.sei.cmu.edu/blog/organizational-resilience-to-insider-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores the activities of the CERT National Insider Threat Center and offers strategies for operational resilience.Dan CostaThu, 03 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/organizational-resilience-to-insider-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatFunctional Requirements for Insider Threat Tool Testinghttps://www.sei.cmu.edu/blog/functional-requirements-for-insider-threat-tool-testing/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBecause of the scope and scale of the insider threat, the SEI recommends that organizations adopt a use-case-based approach to insider risk mitigation....Bob Ditmore, Derrick SpoonerThu, 19 Mar 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/functional-requirements-for-insider-threat-tool-testing/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatMaturing Your Insider Threat Program into an Insider Risk Management Programhttps://www.sei.cmu.edu/blog/maturing-your-insider-threat-program-into-an-insider-risk-management-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHaving trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders?...Dan CostaMon, 27 Jan 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/maturing-your-insider-threat-program-into-an-insider-risk-management-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatAnti-Phishing Training: Is It Working? Is It Worth It?https://www.sei.cmu.edu/blog/anti-phishing-training-is-it-working-is-it-worth-it/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesPhishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders....Mike PetockThu, 23 Jan 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/anti-phishing-training-is-it-working-is-it-worth-it/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatBest Practices in Network SecurityTechnology Trends in Data Exfiltrationhttps://www.sei.cmu.edu/blog/technology-trends-in-data-exfiltration/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOne of our goals at the CERT National Insider Threat Center (NITC) is to monitor the shifting landscape of insider threat to identify tools and techniques....Alex PickeringThu, 09 Jan 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/technology-trends-in-data-exfiltration/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatMapping Cyber Hygiene to the NIST Cybersecurity Frameworkhttps://www.sei.cmu.edu/blog/mapping-cyber-hygiene-to-the-nist-cybersecurity-framework/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn honor of Cybersecurity Awareness Month, I decided to put fingers to keys and share some basic practices that every organization should consider for their cyber hygiene initiatives....Matthew TrevorsWed, 30 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/mapping-cyber-hygiene-to-the-nist-cybersecurity-framework/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceBest PracticesBest Practices in Network SecurityInsider Threat Incident Analysis: Court Outcome Observationshttps://www.sei.cmu.edu/blog/insider-threat-incident-analysis-court-outcome-observations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn the United States, legal cases may be tried in criminal court or civil court. According to data in the CERT National Insider Threat Center (NITC) incident corpus, the type of court makes a big difference....Nick MillerWed, 02 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/insider-threat-incident-analysis-court-outcome-observations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatImproving Insider Threat Detection Methods Through Software Engineering Principleshttps://www.sei.cmu.edu/blog/improving-insider-threat-detection-methods-through-software-engineering-principles/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesTuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with....Dan CostaFri, 20 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/improving-insider-threat-detection-methods-through-software-engineering-principles/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatSystem Verification and Validation