CSI Computer Security Conference and Exhibition Presentation
Current and former employees and contractors have exploited vulnerabilities in the software/system development life cycle (SDLC) to commit fraud, theft of sensitive information, and IT sabotage. The Insider Threat Study, conducted jointly by CERT and the U.S. Secret Service, and CERT research sponsored by the DOD Personnel Security Research Center, analyzed over 150 insider cyber crimes. The research concluded that some organizations failed to enforce effective, formal policies and processes in the SDLC. Our research includes investigation and analysis of actual insider cases that exploited business and software engineering process vulnerabilities. We presented the results of our research at the CSI Computer Security Conference and Exhibition in November 2007. The following presentation materials for this conference are in PDF format:
- Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information, and IT Sabotage
This presentation refers to cases involving malicious code inserted into production applications, violations of automated critical business processes, sabotage of source code and/or backups, crimes facilitated by ineffective role-based access controls, unauthorized modification of production data by system developers, and much more.
- Instructional Case of Insider Threat in the SDLC: The Case of InsuraACure, Inc.
This instructional case presents a realistic case (drawn from several actual cases) that was used to facilitate interactive discussion with the CSI audience regarding key issues of insider threat as it pertains to the SDLC. The case deals with insider motivation, behavioral and technical indicators prior to and during the crime, technical details, impacts, and best practices for prevention.
These presentation materials help to raise awareness of the risks that organizations face from trusted and former employees and contractors, practices for assessing current SDLC processes, and indicators that might raise a red flag about certain employees.
Copyright 2008 Carnegie Mellon University.
Last updated January 8, 2008