Insider Threat Publications

Special Issue on Insider Threat Modeling and Simulation
This special issue of an online Springer publication demonstrates the potential for modeling and simulation to help understand the insider threat problem and help test the mitigation controls.

An Insider Threat Indicator Ontology
This report presents an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.

Analytic Approaches to Detect Insider Threats
This paper identifies steps that organizations can use to enhance their security posture to detect potential insider threats.

An Ontology for Insider Threat Indicators
In this conference paper, selected for the Michael Dean Best Paper Award at the STIDS (Semantic Technology for Intelligence, Defense, and Security) Conference, the authors describe their ongoing development of an insider threat indicator ontology.

Unintentional Insider Threat and Social Engineering
In this blog post, David Mundie highlights recent research that aims to add to the body of knowledge about the factors that lead to unintentional insider threat (UIT) and about how organizations in industry and government can protect themselves.

The CERT Guide to Insider Threats
This book is recommended by Rick Howard, CSO of Palo Alto Networks, as part of what he calls his Cybersecurity Canon, a list of must-read books that "genuinely represent an aspect of the community that is true and precise and that, if not read, will leave a hole in the cybersecurity professional's education that will make the practitioner incomplete." In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Make Sure this Doesn't Happen to You!
In this YouTube video, Dawn Cappelli describes a number of insider threat cases and identifies critical issues you need to consider regarding insider threats.

The CERT Top 10 List for Winning the Battle Against Insider Threats
In this presentation, Dawn Cappelli provides real-case examples to reinforce best practices in mitigating insider threat.

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.

General

Insider Threats: Actual Attacks by Current and Former Software Engineers
In this presentation, Dawn Cappelli describes the CERT Insider Threat Crime Profiles and strategies for mitigating insider threat.

Spotlight On: Programming Techniques Used as an Insider Attack Tool
In this report, the authors focus on persons who use programming techniques to commit malicious acts against their organizations.

Insider Threat and the Software Development Lifecycle
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.

Controls and Indicators

Combating the Insider Cyber Threat
In this article, the authors explain why organizations must implement effective training to raise staff awareness about insider threats, adopt a more effective approach to identifying potential risks, and then take proactive steps to mitigate them.

Indicators and Controls for Mitigating Insider Threat
In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes.

The CERT Top 10 List for Winning the Battle Against Insider Threats
In this presentation, Dawn Cappelli provides real-case examples to reinforce best practices in mitigating insider threat.

Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab
In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.

The Key to Successful Monitoring for Detection of Insider Attacks
In this presentation, Software Engineering Institute researchers show how to detect insider threats successfully by monitoring and auditing network activity.

Mitigating Insider Threat—New and Improved Practices Fourth Edition
In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats.

Protecting Against Insider Threat
In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.

Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection
In this report, the authors present methods for detecting and preventing data exfiltration using a Linux-based proxy server in a Microsoft Windows environment.

Using Centralized Logging to Detect Data Exfiltration Near Insider Termination
In this report, the authors present an insider threat pattern describing how organizations can combat insider theft of intellectual property.

Case Analysis

Common Sense Guide to Mitigating Insider Threats, 4th Edition
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Intriguing Insider Threat Cases – Make Sure this Doesn't Happen to You!
In this YouTube video, Dawn Cappelli describes a number of insider threat cases and identifies critical issues you need to consider regarding insider threats.

Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.

Insider Fraud in Financial Services
This brochure presents the findings of a study that analyzed computer criminal activity in the financial services sector.

Insider Threats to Cloud Computing: Directions for New Research Challenges
In this paper, the authors explain that insider threats related to cloud computing are a serious concern that has not yet been thoroughly explored.

An Analysis of Technical Observations in Insider Theft of Intellectual Property
In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
In this 2005 report, the authors outline the Insider Threat Study (ITS), a study of insider incidents identified by public reporting or in fraud cases from the Secret Service.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.

Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
In this paper, the authors present the findings of research examining reported insider incidents in the information technology and telecommunications sectors.

Chronological Examination of Insider Threat Sabotage: Preliminary Observations
In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack timeline.

Executive Summary of Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
In this paper, the authors present the findings of research examining reported insider incidents in information technology and telecommunications sectors.

Insider Threat Study: Illicit Cyber Activity in the Government Sector
In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.

Executive Summary of Insider Threat Study: Illicit Cyber Activity in the Government Sector
In this paper, the authors present the findings of a research effort to examine reported insider incidents within the government sector.

Modeling and Simulation

Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls
In this paper, the authors describe the potential ways an insider threat program (InTP) could go wrong and seek to engage the community in discussing its concerns.

A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.

Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.

Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
In this report, the authors justify applying the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders."

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.

Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage
In this paper, the authors describe the MERIT insider threat model and simulation results.

Preliminary System Dynamics Maps of the Insider Cyber-threat Problem
In this paper, Georgia Killcrece describes a Computer Security Incident Response Team (CSIRT) and its challenges and benefits.

A Preliminary Model of Insider Theft of Intellectual Property
In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.

Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.

Combating the Insider Cyber Threat
In this IEEE paper, the authors mention the E-Crime Watch Survey and CERT Division work related to insider threats.

Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.

Cybersecurity Watch Survey

2014 U.S. State of Cybercrime Survey
In this presentation, CSO Magazine, the USSS, the CERT Division of the SEI, and PwC provide results of the 2014 U.S. State of Cybercrime Survey.

2013 U.S. State of Cybercrime Survey: How Bad Is the Insider Threat?
This presentation shows the results of the 2013 Cybercrime Survey.

As Cybercrime Threats Continue to Escalate, 2013 State of Cybercrime Survey from PwC and CSO Finds Companies Aren't Doing Enough to Defend Themselves
This press release about the 2013 Cybercrime Survey reveals findings that there is more to be done to combat cybercrime.

2012 Cybersecurity Watch Survey: How Bad Is the Insider Threat?
This presentation describes the results of the 2012 Cybersecurity Watch Survey.

2011 Cybersecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure
This press release about the 2011 Cybersecurity Watch Survey reveals findings that more attacks are committed by outsiders, but attacks by insiders are viewed as the most costly to organizations.

2011 Cybersecurity Watch Survey: How Bad Is the Insider Threat?
This presentation shows the results of the 2011 Cybersecurity Watch Survey, which was conducted to identify electronic crime fighting trends and techniques, including best practices and emerging trends.

2010 Cybersecurity Watch Survey: Cybercrime Increasing Faster than Some Company Defenses
This press release describes how cybercrime threats posed to targeted organizations are increasing faster than many organizations can combat them, according to the 2010 Cybersecurity Watch Survey.

2005 E-Crime Watch Survey: Survey Results
This press release summarizes the findings of the 2005 E-Crime Watch Survey. The survey was conducted online and designed to skip questions that were not relevant or to ask follow-up questions based on previous responses.

2005 E-Crime Watch Survey: Summary of Findings
This report summarizes the findings of the 2005 E-Crime Watch Survey, which was conducted to unearth electronic crime fighting trends and techniques, including best practices and emerging trends. Respondents' answers are based on the 2004 calendar year.

2005 E-Crime Watch Survey Shows E-Crime Fighters Making Headway
This press release describes the results of the 2005 E-Crime Watch Survey, which was conducted among security executives and law enforcement personnel. The survey reveals that the fight against electronic crimes (e-crimes) may be paying off.

2004 E-Crime Watch Survey
This report details the results of the 2004 E-Crime Watch Survey, which was conducted to unearth e-crime fighting trends and techniques, including best practices and emerging trends.