Did you know that cyberattacks from employees and other insiders are a common problem that you should be planning for and preventing? Insiders pose a substantial threat to your organization because they have the knowledge and access to proprietary systems that allow them to bypass security measures through legitimate means. The nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for preventing and addressing them.

At the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute (SEI), we are devoted to combatting cybersecurity issues. Our research has uncovered information that can help you identify potential and realized insider threats in your organization, institute ways to prevent them, and establish processes to deal with them if they do happen.

Our Mission: We enable effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats.

We create technical controls and indicators.

Using our wealth of socio-technical information on insider crimes, our CERT insider threat lab creates controls and indicators for preventing, detecting, and responding to insider incidents.

We conduct case analyses and develop best practices.

In 2002, we collected approximately 150 insider threat cases in the U.S. critical infrastructure sectors and examined them from technical and behavioral perspectives. The scope and body of our case analyses continue today, which allows us to publish best practices for the mitigation of insider threats.

We model and simulate insider threat.

Our MERIT project combines empirical data and system dynamics modeling and simulation to illustrate the big picture and complexity of the insider threat problem. We also collaborate with the U.S. Department of Defense on espionage research.

Combat Insider Threats

Insider threats involve real people, so our research and solutions depend on engagements with the real world. Work with us to combat insider threats.

Publications & Media

Certificates and Training Programs

Insider Threat Training and Certificates
Our Insider Threat training and certificate programs are available for program managers, vulnerability assessors, and program evaluators.

Fraud

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Insider Fraud in Financial Services
In this brochure, the authors present the findings of a study that analyzed computer criminal activity in the financial services sector.

Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Service Sector
In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.

Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage
In this 2006 presentation, the authors describe the lessons they learned from analyzing real-life fraud, theft, and sabotage incidents.

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

Theft of Intellectual Property

A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.

A Preliminary Model of Insider Theft of Intellectual Property
In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.

An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases
In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.

Intellectual Property Protection For Software
In this curriculum module, the authors provide an overview of the U.S. intellectual property laws that govern software creation, allocation, and enforcement.

Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
In this report, the authors justify applying the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders."

Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommend how to mitigate the risk of similar incidents.

Sabotage

A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage
In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.

Chronological Examination of Insider Threat Sabotage: Preliminary Observations
In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack timeline.

Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab
In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.

Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage
In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.

Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks
In this 2006 report, the authors describe the MERIT insider threat model and simulation results.

Preventing Insider Sabotage: Lessons Learned From Actual Attacks
In this 2005 presentation, Dawn Cappelli discusses preventing insider threat sabotage.

Secret Service and CERT Release Report Analyzing Acts of Insider Sabotage via Computer Systems in Critical Infrastructure Sectors
This press release describes the second in a series of reports focusing on insider threats to information systems and data in critical infrastructure sectors.

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

Espionage

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.