CMU/SEI-2012-TR-012, 2012

Common Sense Guide to Mitigating Insider Threats - 4th Edition

technical-report

Authors

Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L.

Identifiers

Year

2012

Abstract

Insider threats are influenced by a combination of technical, behavioral, and organizational issues
and must be addressed by policies, procedures, and technologies. Accordingly, an organization’s
staff in management, human resources (HR), legal counsel, physical security, information
technology (IT), and information assurance (IA),1 as well as data owners and software engineers,
can all benefit from reading this guide. Decision makers across the enterprise should understand
the overall scope of the insider threat problem and communicate it to all the organization’s
employees. The CERT Program’s current analysis recognizes the following unique patterns of
insider threat behavior: intellectual property (IP) theft, IT sabotage, fraud, espionage, and
accidental insider threats. This guide focuses on IP theft, IT sabotage, and fraud. Organizations
can use this guide to efficiently inform and direct their mitigation of potential insider threats.

(CMU/SEI-2012-TR-012, 2012, xiii)

Links

Citation

Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J., Flynn, L., 2012. Common Sense Guide to Mitigating Insider Threats 4th Edition: (Technical Report No. CMU/SEI-2012-TR-012). Defense Technical Information Center, Fort Belvoir, VA. https://doi.org/10.21236/ADA585500


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.