Year
2012Common Sense Guide to Mitigating Insider Threats - 4th Edition
Type
Technical Report
technical-report
Authors
Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L.
Identifiers
DOI: 10.21236/ADA585500
Report
: CMU/SEI-2012-TR-012
Year
2012
Abstract
Insider threats are influenced by a combination of technical, behavioral, and organizational issues
and must be addressed by policies, procedures, and technologies. Accordingly, an organization’s
staff in management, human resources (HR), legal counsel, physical security, information
technology (IT), and information assurance (IA),1 as well as data owners and software engineers,
can all benefit from reading this guide. Decision makers across the enterprise should understand
the overall scope of the insider threat problem and communicate it to all the organization’s
employees. The CERT Program’s current analysis recognizes the following unique patterns of
insider threat behavior: intellectual property (IP) theft, IT sabotage, fraud, espionage, and
accidental insider threats. This guide focuses on IP theft, IT sabotage, and fraud. Organizations
can use this guide to efficiently inform and direct their mitigation of potential insider threats.
(CMU/SEI-2012-TR-012, 2012: Common Sense Guide to Mitigating Insider Threats - 4th Edition, xiii)
Links
Citation
Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L., 2012. Common Sense Guide to Mitigating Insider Threats 4th Edition: (Technical Report No. CMU/SEI-2012-TR-012). Defense Technical Information Center, Fort Belvoir, VA. https://doi.org/10.21236/ADA585500