CERT Insider Threat Center (SEI Carnegie Mellon University)
Insider Threat Tips is shifting gears this week, focusing on a great insider threat resource: the CERT Insider Threat Center. This organisation is spearheading the research efforts on insider threat and is a great place to expand your insider threat knowledge base.
TL;DR (Too Long; Didn't Read)
The CERT Insider Threat Center is a great resource to leverage for all things insider threat. They have many publications, tools, training, stats, and best practice guides.
What is CERT?
Directly from CERT's website:
We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cyber security.
The CERT Insider Threat Center is uniquely positioned as a trusted broker to directly assist the community in the short term as well as contribute long term through our ongoing research. CERT researchers also develop and conduct assessments and workshops and maintain a blog.
We have been researching insider threats since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.
Some of CERT’s research includes:
- Collecting insider threat cases (numbering more than 1,000) and examining them from technical and behavioural perspectives
- Creating controls that can be used for preventing, detecting, and responding to insider threats
- Analysing cases to help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity
- Formulating and publishing best practices for mitigating insider threats
- Identifying unique patterns of insider threat behaviour, including intellectual property (IP) theft, IT sabotage, fraud, espionage, and unintentional insider incidents
- Combining modeling and simulation and empirical data to illustrate the complexity of the insider threat problem
Other great content from CERT:
- Common Sense Guide to Mitigating Insider Threats, 5th Edition
- The CERT Top 10 List for Winning the Battle Against Insider Threats (PowerPoint)