CERT updates insider threat guidebook

The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.


“The new edition of the guide comes at a critical time for organizations developing insider threat programs,” said Randy Trzeciak, technical manager of the CERT Insider Threat Center. “The insider threat landscape has changed considerably since the previous edition, especially with new directives that government and government-contractor organizations must follow.”

Updates to the guide reflect the movement of government and private organizations toward starting insider threat programs. Changes include:

  • Reordering of best practices to better align with the development of insider threat programs
  • Recognizing the threat posed by non-malicious (accidental) insiders
  • Significant updates to best practices
  • One new practice
  • New case studies for each best practice

This edition also focuses on six groups within an organization—Human Resources, Legal, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps the relevant groups to each practice.

The threat of attack from insiders is real and substantial. The 2016 U.S. State of Cybercrime Survey found 27% of electronic crime events were suspected or known to be caused by insiders. The survey also revealed that 30% of the respondents thought that damage caused by insider attacks was more severe than damage from outsider attacks.

“The guide lays out the practices that organizations should consider in identifying their critical assets and protecting them from malicious and unintentional insider threats,” said Trzeciak. “It’s the first step an organization should take in a continuum that includes program building, manager and staff training, and organizational insider threat assessments.”

The Common Sense Guide to Mitigating Insider Threats is available free of charge in PDF format here.