Moore et al., 2008

The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures

report

Publication

Also published in https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1629159891, p. 17-44

Year

2008

Authors

Moore, A.P., Cappelli, D.M., Trzeciak, R.F.

Identifiers

  • Technical Report No. CMU/SEI-2008-TR-009 Technical Report No. ESC-TR-2008-009

Abstract

A study conducted by the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute CERT Program analyzed 150 insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work by CERT involved detailed group modeling and analysis of 54 cases of insider IT sabotage out of the 150 total cases. Insider IT sabotage includes incidents in which the insider’s primary goal was to sabotage some aspect of the organization or direct specific harm toward an individual. This paper describes seven general observations about insider IT sabotage based on our empirical data and study findings. We describe a System Dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended consequences of organizational policies, practices, technology, and culture on insider behavior. We describe the structure of an education and awareness workshop on insider IT sabotage that incorporates the previously mentioned artifacts as well as an interactive instructional case.

Links

Citation

Moore, A.P., Cappelli, D.M., Trzeciak, R.F., 2008. The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures (Technical Report No. CMU/SEI-2008-TR-009 ESC-TR-2008-009). SEI.

 


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.