The CERT Insider Threat Center has been busy this spring developing publications, presenting podcasts, and attending conferences to extend the knowledge and research we’ve collected into the public domain. This blog post contains a few highlights of recent accomplishments and a sneak peek at what we’re planning for the future.
The CERT Insider Threat Center recently published two new research reports:
• A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders, by Andrew Moore, Michael Hanley, and David Mundie. A research project at the CERT® Program is identifying enterprise architectural patterns to protect against the insider threat to organizations. This report presents an example of such a pattern to help organizations plan, prepare, and implement a means to mitigate the risk of insider theft of IP.
• Insider Threat Security Reference Architecture, by Joji Montelibano and Andrew Moore. The Insider Threat Security Reference Architecture (ITSRA) provides an enterprise-wide solution to insider threat. The architecture consists of four security layers: Business, Information, Data, and Application. Organizations should deploy and enforce controls at each layer to address insider attacks.
The podcast NIST Catalog of Security and Privacy Controls, Including Insider Threat by Ron Ross (NIST), Joji Montelibano, and Julia Allen discusses the evolution of NIST Special Publication 800-53, recommended insider threat controls based on more than 500 cases, developing Revision 4 and beyond, and monitoring control effectiveness.
Dawn Cappelli recently presented The CERT Top 10 List for Winning the Battle Against Insider Threats at the RSA Conference USA in February 2012.
Keep an eye out for the following upcoming releases from the CERT Insider Threat Center:
• A report on insider fraud sponsored by the Department of Homeland Security Science and Technology Directorate (DHS S&T), conducted in collaboration with the Secret Service, Department of the Treasury, and the financial sector. The report contains findings from our analysis of a large collection of insider fraud cases, as well as an insider fraud model, similar to our other insider threat models for insider IT sabotage and theft of intellectual property.
• A series of blog posts and a position paper on Insider Threats in Cloud Computing.
• A new initiative to collaborate with government insider threat experts to identify and work on insider threat challenge problems. If you are interested in participating, please contact us at firstname.lastname@example.org.