Common Sense Guide to Mitigating Insider Threats - 4th Edition

technical-report

Abstract

Insider threats are influenced by a combination of technical, behavioral, and organizational issues
and must be addressed by policies, procedures, and technologies. Accordingly, an organization’s
staff in management, human resources (HR), legal counsel, physical security, information
technology (IT), and information assurance (IA),1 as well as data owners and software engineers,
can all benefit from reading this guide. Decision makers across the enterprise should understand
the overall scope of the insider threat problem and communicate it to all the organization’s
employees. The CERT Program’s current analysis recognizes the following unique patterns of
insider threat behavior: intellectual property (IP) theft, IT sabotage, fraud, espionage, and
accidental insider threats. This guide focuses on IP theft, IT sabotage, and fraud. Organizations
can use this guide to efficiently inform and direct their mitigation of potential insider threats.

(CMU/SEI-2012-TR-012, 2012: Common Sense Guide to Mitigating Insider Threats - 4th Edition, xiii)

Links

• https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=34017

Citation

Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L., 2012. Common Sense Guide to Mitigating Insider Threats 4th Edition: (Technical Report No. CMU/SEI-2012-TR-012). Defense Technical Information Center, Fort Belvoir, VA. https://doi.org/10.21236/ADA585500