Insider Threat
The CERT Guide to Insider Threats Named to Cybersecurity Canon
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes will be inducted into the Cybersecurity Canon in 2016.
The Insider Threat Vulnerability Assessor (ITVA) Certificate
The ITVA certificate program enables assessors to help organizations gain a better understanding of their insider threat risk and an enhanced ability to identify and manage associated risks.
Insider Threat Certificates and Training
Our Insider Threat training and certificate programs are available for program managers, vulnerability assessors, and program evaluators.
Insider Threat Program Manager Certificate
Registration is now open for the CERT Insider Threat Program Manager (ITPM) Certificate training and exam.
Common Sense Guide to Mitigating Insider Threats
The 4th edition provides the most current recommendations of the CERT Division, based on research and analysis of an expanded database of more than 700 insider threat cases.
The CERT Guide to Insider Threats
Our book, the CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, is available at book stores and online.
Custom Onsite Workshops
Learn how to develop an effective, comprehensive strategy that helps you to monitor for insider activity.
SEI Book Series in Software Engineering
Our SEI researchers write books covering software engineering topics for this series of books published by Addison-Wesley Professional.
Insider Threat Database
Our work is based on analyses of information in the CERT insider threat database, which documents more than 700 insider threat cases.
Engage with Us
Insider threats involve real people, so our research and solutions depend on engagements with the real world. Work with us to combat insider threats.
CERT Is Hiring
Your top-notch skills and knowledge can help us make a difference in our nation’s cybersecurity. Explore our career opportunities today.
Did you know that cyberattacks from employees and other insiders are a common problem that you should be planning for and preventing? Insiders pose a substantial threat to your organization because they have the knowledge and access to proprietary systems that allow them to bypass security measures through legitimate means. The nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for preventing and addressing them.
At the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute (SEI), we are devoted to combatting cybersecurity issues. Our research has uncovered information that can help you identify potential and realized insider threats in your organization, institute ways to prevent them, and establish processes to deal with them if they do happen.
We create technical controls and indicators.
Using our wealth of socio-technical information on insider crimes, our CERT insider threat lab creates controls and indicators for preventing, detecting, and responding to insider incidents.
We conduct case analyses and develop best practices.
In 2002, we collected approximately 150 insider threat cases in the U.S. critical infrastructure sectors and examined them from technical and behavioral perspectives. The scope and body of our case analyses continue today, which allows us to publish best practices for the mitigation of insider threats.
We model and simulate insider threat.
Our MERIT project combines empirical data and system dynamics modeling and simulation to illustrate the big picture and complexity of the insider threat problem. We also collaborate with the U.S. Department of Defense on espionage research.
Combat Insider Threats
Insider threats involve real people, so our research and solutions depend on engagements with the real world. Work with us to combat insider threats.
News & Announcements
- 07/06/2016 SEI Introduces “Cyber Minute” Series: Video Briefs Highlight the Latest in SEI Work, Thought, and Resources
- 07/05/2016 SEI Helps Government Contractors Ramp Up to Meet New NISPOM Mandate
Publications & Media
- 07/15/2016 How to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate: In this webinar, Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, described the summary of new requirements mandated by NISPOM Change 2 and the impact it will have on DoD contracting organizations.
- 05/10/2016 An Insider Threat Indicator Ontology: This report presents an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.
- 04/08/2016 Using Dynamic Models to Support Inferences of Insider Threat Risk: In this paper, the authors present a system dynamics model that incorporates psychological factors to simulate the pathway to insider attack.
- 04/08/2016 Compliance Signaling Games: Toward Modeling the Deterrence of Insider Threats: In this paper, the authors analyze how the dynamics of compliance games illuminate the effectiveness or risks of an organizational policy.
- 04/08/2016 Inadvertent Leaks: Exploration via Agent-Based Dynamic Network Simulation: In this paper, the authors describe the results of using their network model to simulate the flow of sensitive information in organizations.
Certificates and Training Programs
Insider Threat Training and Certificates
Our Insider Threat training and certificate programs are available for program managers, vulnerability assessors, and program evaluators.
Fraud
Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Insider Fraud in Financial Services
In this brochure, the authors present the findings of a study that analyzed computer criminal activity in the financial services sector.
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Service Sector
In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.
Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage
In this 2006 presentation, the authors describe the lessons they learned from analyzing real-life fraud, theft, and sabotage incidents.
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
Theft of Intellectual Property
A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.
A Preliminary Model of Insider Theft of Intellectual Property
In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.
An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases
In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.
Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.
Intellectual Property Protection For Software
In this curriculum module, the authors provide an overview of the U.S. intellectual property laws that govern software creation, allocation, and enforcement.
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
In this report, the authors justify applying the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders."
Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommend how to mitigate the risk of similar incidents.
Sabotage
A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage
In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.
Chronological Examination of Insider Threat Sabotage: Preliminary Observations
In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack time-line.
Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab
In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.
Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.
Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.
Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage
In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers' Information, Systems, or Networks
In this 2006 report, the authors describe the MERIT insider threat model and simulation results.
Preventing Insider Sabotage: Lessons Learned From Actual Attacks
In this 2005 presentation, Dawn Cappelli discusses preventing insider threat sabotage.
Secret Service and CERT Release Report Analyzing Acts of Insider Sabotage via Computer Systems in Critical Infrastructure Sectors
This press release describes the second in a series of reports focusing on insider threats to information systems and data in critical infrastructure sectors.
The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.
The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
Espionage
Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.