Since 2001, the U.S. Secret Service and the CERT Program have collaborated to identify, assess, and manage potential threats to, and vulnerabilities of, data and critical systems. This collaboration represents an effort to augment security and protective practices by

• finding ways to identify, assess, and mitigate cybersecurity threats to data and critical systems that impact physical security or threaten the mission of organizations
• finding ways to identify, assess, and manage individuals who may pose a threat to those data or critical systems
• developing information and tools that can help private industry, government, and law enforcement identify cybersecurity issues that affect physical or operational security and assess potential threats to, and vulnerabilities in, data and critical systems

The Insider Threat Study (ITS) is a central component of this multiyear collaboration between the Secret Service and the CERT Program. The ITS focuses on employees who use or exceed their authorized access to their organization's information systems to harm to the organization, by stealing intellectual property or other confidential or sensitive information, committing fraud, or sabotaging information technology within critical infrastructure sectors. The project draws from the Secret Service's expertise in behavioral and incident analysis and the CERT Program's technical expertise in networked systems survivability and security.

The ITS has resulted in a series of case study reports:

• Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. Published in July 2012 and funded by the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate, this special report examines patterns from insider and external fraud cases in the U.S. financial services sector and presents insights and risk indicators of malicious insider activity in this sector. See also the Insider Fraud in Financial Services booklet.
• Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (pdf). Published in August 2004, this paper examines 23 incidents of insider threat in the banking and finance sector.
• Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (pdf). Published in May 2005, this paper examines 49 insider incidents across critical infrastructure sectors in which the insider's primary goal was to sabotage some aspect of the organization (for example, business operations, information/data files, system/network, and/or reputation) or direct specific harm toward an individual. Executive Summary.
• Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector (pdf). Published in January 2008, this paper presents findings on 52 incidents in which the target organizations were in the information technology and telecommunications sector. Executive Summary (pdf).
• Insider Threat Study: Illicit Cyber Activity in the Government Sector (pdf). Published in January 2008, this paper examines 36 incidents of illicit cyber insider activity in the government sector. Executive Summary (pdf).

• business executives
• human resources personnel
• technical professionals
• security professionals
• law enforcement professionals
• legislators
• prosecutors