http://www.cert.org/nav/whatsnew.html en-us Announcements: What's New on the CERT web site http://www.sei.cmu.edu/library/abstracts/reports/13tn009.cfm This entry in the Spotlight On series summarizes such cases and insiders and provides recommendations for mitigating these incidents. Mon, 20 May 2013 16:57:11 -0400 http://www.cert.org/podcast/ A common language is essential to develop a shared understanding to better analyze malicious code. Thu, 09 May 2013 11:16:28 -0400 http://www.cert.org/blogs/certcc/2013/05/keep_calm_and_deploy_emet.html This blog post provides information about an effective approach to blocking exploits of CVE-2013-1347, the Internet Explorer 8 CGeneric Element object use-after-free vulnerability. Wed, 08 May 2013 09:50:47 -0400 http://www.cert.org/blogs/insider_threat/2013/05/controlling_the_malicious_use_of_usb_media.html This blog post explains the importance of protecting your organization from the theft of sensitive information using USB media. Mon, 06 May 2013 06:45:20 -0400 http://www.cert.org/blogs/certcc/2013/04/dont_sign_that_applet.html This blog post describes how Oracle's new guidance for Java applets may cause more harm than good. Tue, 30 Apr 2013 06:31:59 -0400 http://www.cert.org/blogs/certcc/2013/04/finding_patterns_of_malicious.html This blog post describes how finding patterns in bulk registrations can help identify potentially malicious domains. Wed, 24 Apr 2013 08:23:24 -0400 http://www.cert.org/blogs/certcc/2013/04/geoip_in_your_soc_security_ope.html This blog entry describes how to use geoIP to view data and help your network situational awareness. Wed, 17 Apr 2013 10:56:42 -0400 http://www.cert.org/flocon/ We are accepting abstracts for presentations, posters, and demonstrations for FloCon 2014, a network security conference that takes place in Charleston, South Carolina, on January 13-16, 2014. Fri, 12 Apr 2013 03:53:52 -0400 http://www.cert.org/blogs/certcc/2013/04/sld_usage_in_2012_for_common_t.html This blog post looks at second level domain usage in 2012 for the most common generic Top Level Domains. Thu, 04 Apr 2013 15:16:59 -0400 http://www.cert.org/books/secure-coding/ Secure Coding in C and C++, Second Edition identifies the root causes of today's most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives. Thu, 28 Mar 2013 11:54:15 -0400 http://www.cert.org/blogs/certcc/2013/03/the_growth_of_ipv6_announcemen.html This blog post presents a method for assessing how popular IPv6 is on the internet. Wed, 27 Mar 2013 08:45:47 -0400 http://www.cert.org/podcast/ Ensuring the security of personal mobile devices that have access to enterprise networks requires action from employees and users. Tue, 26 Mar 2013 11:23:24 -0400 http://www.cert.org/blogs/certcc/2013/03/an_alternate_view_of_announced.html This blog post describes an alternate way to view advertised IP address space on the internet using publicly available information. Thu, 21 Mar 2013 10:25:24 -0400 http://www.sei.cmu.edu/library/abstracts/reports/13tn013.cfm This technical note describes an analysis of the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders," which helps organizations mitigate the risk of insider theft of IP. Tue, 19 Mar 2013 19:59:01 -0400 http://www.cert.org/blogs/certcc/2013/03/_v_behaviorurldefaultvml_o_beh.html This blog post describes how you can calculate the growth rate of advertised IP address space on the internet using publicly available information. Wed, 13 Mar 2013 13:19:06 -0400 http://www.cert.org/blogs/insider_threat/2013/03/how_ontologies_can_help_build_a_science_of_cybersecurity.html This blog post introduces you to work done on an ontology for malware. Tue, 12 Mar 2013 06:40:47 -0400 http://www.cert.org/blogs/certcc/2013/03/watching_domains_that_change_d.html This blog entry describes the results of our three-month study of domains that change their name servers frequently. Mon, 11 Mar 2013 09:13:04 -0400 http://www.cert.org/podcast/ 371 cases of insider attacks lead to 4 new and 15 updated best practices for mitigating insider threat. Thu, 28 Feb 2013 13:00:26 -0500 http://www.sei.cmu.edu/library/abstracts/reports/13tn010.cfm This technical note presents the first common vocabulary for malware analysis. Wed, 27 Feb 2013 16:20:37 -0500 http://www.cert.org/blogs/insider_threat/2013/02/cert_insider_threat_at_the_rsa_conference.html This blog entry provides you with an opportunity to meet members of the CERT Insider Threat Center at the RSA Conference and describes events supported by these members at the conference. Tue, 19 Feb 2013 07:15:58 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_19_of_19.html This last of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 19: Close the doors to unauthorized data exfiltration. Wed, 13 Feb 2013 07:39:19 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_18_of_19.html This eighteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 18: Be especially vigilant regarding social media. Mon, 11 Feb 2013 07:28:13 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_17_of_19.html This seventeenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 17: Establish a baseline of normal network device behavior. Fri, 08 Feb 2013 06:37:35 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_16_of_19.html This sixteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 16: Develop a formalized insider threat program. Wed, 06 Feb 2013 06:38:07 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_15_of_19.html This fifteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 15: Implement secure backup and recovery processes. Mon, 04 Feb 2013 09:32:45 -0500 http://www.cert.org/blogs/insider_threat/2013/02/common_sense_guide_to_mitigating_insider_threats_-_best_practice_14_of_19.html This fourteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 14: Develop a comprehensive employee termination procedure. Fri, 01 Feb 2013 11:03:49 -0500 http://www.cert.org/podcast/ Governments and markets are calling for the integration of plans for and responses to disruptive events. Thu, 31 Jan 2013 12:09:46 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_13_of_19.html This thirteenth of 19 blog posts about the fourth edition of the Common Sense to Mitigating Insider Threats describes Practice 13: Monitor and control remote access from all end points, including mobile devices. Wed, 30 Jan 2013 07:46:53 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_12_of_19.html This twelfth of 19 blog posts about the fourth edition of the Common Sense to Mitigating Insider Threats describes Practice 12: Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions. Mon, 28 Jan 2013 08:04:46 -0500 http://www.cert.orgCommon Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19)/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_11_of_19.html This eleventh of 19 blog posts about the fourth edition of the Common Sense to Mitigating Insider Threats describes Practice 11: Institutionalize system change controls. Fri, 25 Jan 2013 07:27:13 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_10_of_19.html This tenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 10: Institute stringent access controls and monitoring policies on privileged users. Wed, 23 Jan 2013 08:14:08 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_9_of_19.html This ninth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 9: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities. Mon, 21 Jan 2013 06:34:29 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_8_of_19.html This eighth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 8: Enforce separation of duties and least privilege. Fri, 18 Jan 2013 07:54:48 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_7_of_19.html This seventh of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 7: Implement strict password and account management policies and practices. Wed, 16 Jan 2013 08:21:10 -0500 http://www.cert.org/blogs/certcc/2013/01/anatomy_of_java_exploits.html This blog post examines the vulnerabilities that permitted Java to be exploited in two recent cases. Tue, 15 Jan 2013 14:11:17 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_5_of_19.html This sixth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 6: Know your assets. Mon, 14 Jan 2013 06:52:31 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_5_of_19.html This fifth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 5: Anticipate and manage negative issues in the work environment. Fri, 11 Jan 2013 10:07:22 -0500 http://www.cert.org/blogs/certcc/2013/01/java_in_web_browser_disable_no.html In light of a recent Java vulnerability, this blog post discusses why you should disable Java. Thu, 10 Jan 2013 17:33:04 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_4_of_19.html This fourth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 4: Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior. Wed, 09 Jan 2013 12:21:12 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_2_of_19.html This third of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 3: Incorporate insider threat awareness into periodic security training for all employees. Tue, 08 Jan 2013 09:22:28 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_2_of_19.html This second of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 2: Clearly document and consistently enforce policies and controls. Fri, 04 Jan 2013 13:28:59 -0500 http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_mitigating_insider_threats_-_best_practice_1_of_19.html This first of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 1: Consider threats from insiders and business partners in enterprise-wide risk assessments. Thu, 03 Jan 2013 12:02:44 -0500 http://www.cert.org/podcast/ Today's high-risk, global, fast, and very public business environment demands a more integrated approach to not be surprised by disruptive events. Wed, 19 Dec 2012 12:06:10 -0500 http://www.cert.org/blogs/insider_threat/2012/12/release_of_the_4th_edition_of_the_common_sense_guide_to_prevention_and_detection_of_insider_threats.html The release of the Common Sense Guide to Prevention and Detection of Insider Threats, 4th Edition introduces four new best practices for preventing and detecting insider threats and a number of new features. Fri, 14 Dec 2012 17:08:55 -0500 http://www.cert.org/blogs/insider_threat/2012/12/fourth_edition_of_the_common_sense_guide_to_mitigating_insider_threats_is_released.html The newest edition of the Common Sense Guide to Mitigating Insider Threats is based on our significantly expanded database of more than 700 insider threat cases and continued research and analysis, and it covers new technologies and new threats. Thu, 13 Dec 2012 06:35:08 -0500 http://www.sei.cmu.edu/library/abstracts/reports/12tr012.cfm The CERT Insider Threat Center presents new and revised organizational practices for preventing and detecting insider threats. Wed, 12 Dec 2012 14:43:01 -0500 http://www.sei.cmu.edu/library/abstracts/reports/12tn025.cfm This technical note describes the SEI research study designed to help organizations understand the business value of implementing resilience processes and practices, and determine which ones to implement. Tue, 11 Dec 2012 20:05:45 -0500 http://www.cert.org/blogs/certcc/2012/12/forking_and_joining_python_cor.html In this blog post, Jonathan Foote explains how to expand on David Beazley's cobroadcast pattern by adding a join capability that can bring multiple forked coroutine paths back together. Wed, 05 Dec 2012 17:38:06 -0500 http://www.cert.orghttp://blog.sei.cmu.edu/post.cfm/helping-developers-address-security-with-the-cert-c-secure-coding-standard This blog post describes our latest set of rules and recommendations, which aims to help developers avoid undefined and/or unexpected behavior in deployed code. Thu, 15 Nov 2012 10:00:17 -0500 http://www.cert.orghttp://blog.sei.cmu.edu/post.cfm/writing-effective-yara-signatures-to-identify-malware This blog post provides guidelines for using YARA effectively, focusing on selection of objective criteria derived from malware, the type of criteria most useful in identifying related malware (including strings, resources, and functions), and guidelines for creating YARA signatures using these criteria. Thu, 15 Nov 2012 09:50:46 -0500 http://www.cert.org/blogs/insider_threat/2012/11/insider_threats_in_state_and_local_government_organizations.html This blog post describes insider threats in state and local government sectors, including who the insiders are, why they attack, and how they attack. Wed, 14 Nov 2012 07:29:00 -0500 http://www.cert.org/blogs/certcc/2012/11/a_look_inside_certs_fuzzing_fr.html This blog post introduces recent reports that describe some heuristics and algorithms implemented in CERT fuzzing tools. Mon, 05 Nov 2012 11:38:27 -0500 http://www.cert.org/blogs/insider_threat/2012/11/updated_and_revised_spotlight_on_insider_threat_from_trusted_business_partners.html In this blog post, the Insider Threat team announces the release of the revised Spotlight On: Insider Threat from Trusted Business Partners article. Fri, 02 Nov 2012 13:03:18 -0400 http://www.cert.org/blogs/certcc/2012/10/updates_to_cert_fuzzing_tools.html In this blog post, the CERT Vulnerability Analysis team announces the release of updates to the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.01. Thu, 25 Oct 2012 15:52:45 -0400 http://www.cert.org/podcast/ A network profile can help identify unintended points of entry, misconfigurations, and other weaknesses that may be visible to attackers. Tue, 23 Oct 2012 12:28:07 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tn028.cfm This technical note describes three factors that are likely to help or hinder the cooperation of incident responders. Tue, 16 Oct 2012 17:48:51 -0400 http://www.cert.org/blogs/insider_threat/2012/10/external_threat_analysis.html This blog post discusses extending the methodologies used in insider threat research to external threats. Fri, 05 Oct 2012 13:06:54 -0400 http://www.cert.org/blogs/insider_threat/2012/10/insider_threats_related_to_cloud_computing--installment_10_conclusion.html The last installment of a 10-part series on cloud-related insider threats summarizes the blog series and provides advice for organizations. Mon, 01 Oct 2012 07:02:55 -0400 http://www.cert.org/podcast/ Deploy vulnerability exploit prevention and mitigation techniques to thwart attacks and manage the arms race. Tue, 25 Sep 2012 12:22:09 -0400 http://www.cert.org/blogs/insider_threat/2012/09/webinar_the_insider_threat_awareness_virtual_roundtable_sponsored_by_dhs_office_of_infrastructure_pr.html Dawn Cappelli discusses the Insider Threat Awareness Virtual Roundtable webinar that took place on September 18, 2012. Tue, 25 Sep 2012 10:45:11 -0400 http://www.cert.org/blogs/insider_threat/2012/09/insider_threats_related_to_cloud_computing--installment_9_two_more_proposed_directions_for_future_re.html Installment 9 of a 10-part series on cloud-related insider threats discusses in detail two final areas of future research for cloud-related insider threats: normal user behavior analysis and policy integration. Mon, 24 Sep 2012 07:51:20 -0400 http://www.cert.org/blogs/insider_threat/2012/09/insider_threats_related_to_cloud_computing--installment_8_three_more_proposed_directions_for_future.html Installment 8 of a 10-part series on cloud-related insider threats discusses three more areas of future research for cloud-related insider threats. Mon, 17 Sep 2012 07:50:57 -0400 http://www.cert.org/blogs/insider_threat/2012/09/insider_threats_related_to_cloud_computing--installment_7_seven_proposed_directions_for_research_and.html Installment 7 of a 10-part series on cloud-related insider threats introduces seven proposed directions for cloud-related insider threat research. Wed, 12 Sep 2012 09:09:12 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tn020.cfm This technical note describes a preliminary roadmap for understanding and building workforce readiness. Tue, 11 Sep 2012 16:26:34 -0400 http://www.cert.orgwww.cert.org/archive/pdf/Digital-Investigation-Workforce-Development.pdf This paper identifies the digital investigation capabilities that law-enforcement agencies, businesses, and other organizations must develop in order to combat criminal acts being perpetrated in cyberspace. Tue, 11 Sep 2012 15:04:24 -0400 http://www.cert.org/blogs/insider_threat/2012/09/cert_insider_threat_center_in_the_news.html This blog post summarizes recent news articles that highlight the Insider Threat Center. Mon, 10 Sep 2012 09:30:48 -0400 http://www.cert.org/blogs/insider_threat/2012/09/hello_this_is_todd_lewellen.html This blog post explains that no industry sector is free from the actions of malicious insiders. Fri, 07 Sep 2012 06:46:27 -0400 http://www.cert.org/blogs/insider_threat/2012/09/certs_study_on_insider_cyber_fraud_in_financial_services_released.html This blog post describes a study of cyber fraud in the financial services sector, including the new report that documents the results. Thu, 06 Sep 2012 05:59:08 -0400 http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html In this post, we discuss how and why to disable Java support in web browsers. Wed, 05 Sep 2012 18:02:23 -0400 http://www.cert.org/blogs/certcc/2012/09/network_profiling_using_flow_r.html This report describes how to inventory assets on a network using network flow data. Wed, 05 Sep 2012 06:25:20 -0400 http://www.cert.org/blogs/insider_threat/2012/09/insider_threats_related_to_cloud_computing--installment_6_securing_against_other_cloud-related_insid.html Installment 6 of a 10-part series on cloud-related insider threats presents how to secure against other cloud-related insiders. Tue, 04 Sep 2012 09:06:57 -0400 http://www.cert.org/blogs/insider_threat/2012/08/upcoming_appearances_of_cert_experts.html This blog post lets you know about where some members of the Insider Threat Team will be appearing in the coming weeks. Thu, 30 Aug 2012 14:17:49 -0400 http://www.cert.org/blogs/certcc/2012/08/disabling_the_java_7_plug-in_o.html We describe a recently reported, major Java vulnerability. Wed, 29 Aug 2012 09:50:54 -0400 http://www.cert.org/blogs/insider_threat/2012/08/insider_threats_related_to_cloud_computing--installment_5_securing_against_cloud-related_insiders.html Installment 5 of a 10-part series on cloud-related insider threats presents how to secure against rogue administrators. Mon, 27 Aug 2012 06:36:15 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tr006.cfm This report provides a step-by-step guide for creating a profile to see a potential attacker.s view of an external network. Fri, 24 Aug 2012 08:01:53 -0400 http://www.cert.org/podcast/ CERT-RMM can be used to establish and meet resilience requirements for a wide range and diverse set of business objectives. Tue, 21 Aug 2012 14:00:44 -0400 http://www.cert.org/blogs/insider_threat/2012/08/insider_threats_related_to_cloud_computing--installment_4_using_the_cloud_to_conduct_nefarious_activ.html Installment 4 of a 10-part series on cloud-related insider threats presents a third type of cloud-related insider threat: those who uses cloud services to carry out an attack on his own employer. Mon, 20 Aug 2012 06:23:53 -0400 http://www.cert.org/archive/pdf/COMPSAC2012-CloudComptingSecurityTutorialSlides.pdf This tutorial was presented at IEEE COMPSAC 2012. Wed, 15 Aug 2012 09:57:22 -0400 http://www.cert.org/blogs/insider_threat/2012/08/title_insider_threats_related_to_cloud_computing--installment_3_insiders_who_exploit_cloud_vulnerabi.html Installment 3 of a 10-part series on cloud-related insider threats presents a second type of cloud-related insider threat: those that exploit weaknesses introduced by use of the cloud. Mon, 13 Aug 2012 10:51:06 -0400 http://www.cert.org/blogs/insider_threat/2012/08/title_insider_threats_related_to_cloud_computing--installment_2_the_rogue_administrator.html Installment 2 of a 10-part series on cloud-related insider threats presents three types of cloud-related insiders and discusses one in detail - the rogue administrator. Mon, 06 Aug 2012 13:17:32 -0400 http://www.cert.org/blogs/insider_threat/2012/07/title_insider_threats_related_to_cloud_computing--.html First in a series of blog posts that discuss problems related to insiders in the cloud, defending against them, and researching approaches that could help solve some of these problems. Tue, 31 Jul 2012 07:22:53 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12sr004.cfm This report describes insights and risk indicators of malicious insider activity within the banking and finance sector. Mon, 30 Jul 2012 09:07:40 -0400 http://www.cert.org/blogs/certcc/2012/07/cert_failure_observation_engin_1.html We describe version 2.0 of the CERT Failure Observation Engine (FOE). Tue, 24 Jul 2012 07:24:47 -0400 http://www.cert.org/podcast/ Implementing CERT-RMM requires well-defined improvement objectives, sponsorship, proper scoping and diagnosis, and defined processes and measures. Tue, 17 Jul 2012 11:52:37 -0400 http://www.cert.org/blogs/certcc/2012/07/vulnerability_data_archive.html We have published an archive of much of the non-sensitive vulnerability information in our vulnerability reports database. Wed, 11 Jul 2012 07:49:01 -0400 http://www.cert.org/blogs/insider_threat/2012/07/pay_attention_are_your_company_secrets_at_risk_from_insiders.html Pay attention: Are your company secrets at risk from insiders? Mon, 02 Jul 2012 14:59:37 -0400 http://www.cert.org/flocon/index.html FloCon 2013 takes place in Albuquerque, New Mexico, on January 7-10, 2013. Visit the FloCon website for information about the Call for Papers. Fri, 15 Jun 2012 14:09:39 -0400 http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET) Wed, 06 Jun 2012 10:55:26 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tn008.cfm This report describes the first CERT RMM Users Group (RUG) Workshop Series and relays the experiences of participating members and CERT staff. Mon, 04 Jun 2012 07:50:36 -0400 http://www.cert.org/blogs/insider_threat/2012/05/the_cert_insider_threat_center_has_been_busy_this_spring.html The CERT Insider Threat Center has been busy this spring. Thu, 31 May 2012 12:08:39 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP key. We strongly urge you to encrypt sensitive information. Fri, 25 May 2012 12:03:21 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tr008.cfm This report presents a way organizations can mitigate the risk of theft of intellectual property by departing insiders. Thu, 03 May 2012 14:12:52 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tn013.cfm This technical note describes SCALe, a demonstration process for testing software for conformance against secure coding standards. Wed, 02 May 2012 14:57:19 -0400 http://www.sei.cmu.edu/library/abstracts/reports/12tr007.cfm This report describes the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the threat organizations face from their own insiders. Tue, 01 May 2012 15:39:41 -0400 http://www.cert.org/blogs/certcc/2012/04/cert_basic_fuzzing_framework_v.html CERT Basic Fuzzing Framework 2.5 Released Mon, 30 Apr 2012 12:43:00 -0400 http://www.cert.org/blogs/certcc/2012/04/cert_triage_tools_10.html CERT Linux Triage Tools 1.0 Released Wed, 25 Apr 2012 11:15:23 -0400 http://www.cert.org/podcast/ Security controls, including those for insider threat, are the safeguards necessary to protect information and information systems. Tue, 24 Apr 2012 11:53:39 -0400 http://www.cert.org/blogs/certcc/2012/04/cert_failure_observation_engin.html CERT Failure Observation Engine 1.0 Released Mon, 23 Apr 2012 16:47:59 -0400 http://www.cert.org/blogs/certcc/2012/04/vulnerability_severity_using_c.html Vulnerability Severity Using CVSS Wed, 11 Apr 2012 23:12:47 -0400 http://www.cert.org/archive/pdf/CERT-InsiderThreat-RSA2012.pdf Organizations can use these tips, drawn from the CERT Insider Threat Center's case files, to combat insider threat. Wed, 28 Mar 2012 13:36:45 -0400 http://www.cert.org/blogs/insider_threat/2012/03/the_cert_guide_to_insider_threats_how_to_prevent_detect_and_respond_to_information_technology_crimes.html The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes Tue, 27 Mar 2012 13:18:35 -0400 http://www.sei.cmu.edu/library/abstracts/reports/11tn028.cfm This technical note maps CERT-RMM process areas to 800-series NIST special publications. Tue, 27 Mar 2012 10:15:37 -0400 http://www.cert.org/archive/pdf/12tn007.pdf This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular. Wed, 07 Mar 2012 09:55:52 -0500 http://www.cert.org/podcast/ Implementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision. Tue, 28 Feb 2012 13:58:01 -0500 http://www.sei.cmu.edu/library/abstracts/reports/12tn005.cfm This technical note overviews the MRD method developed by the SEI to assess system risk across the lifecycle and supply chain. Mon, 27 Feb 2012 09:58:04 -0500 http://www.sei.cmu.edu/library/abstracts/reports/11tr020.cfm This report demonstrates that SCAMPI V1.2 can be applied to CERT-RMM V1.1 as the reference model for a process appraisal. Thu, 23 Feb 2012 10:03:57 -0500 http://www.sei.cmu.edu/library/abstracts/reports/11tn012.cfm This tech note shows how CERT-RMM process areas, industry standards, and codes of practices are connected. Thu, 23 Feb 2012 10:03:12 -0500 http://www.cert.org/blogs/insider_threat/2012/02/insiders_and_organized_crime.html The entry "Insiders and Organized Crime" has been posted. Thu, 16 Feb 2012 15:16:52 -0500 http://www.sei.cmu.edu/library/abstracts/books/9780321812575.cfm?wt.ac=hpLibrary This book describes the CERT Insider Threat Center's practical findings on insider cyber crimes, as well as guidance and countermeasures for organizations. Tue, 14 Feb 2012 14:29:43 -0500 http://www.cert.org/archive/pdf/12tn004.pdf This technical note presents the foundations of a risk-based software security measurement and analysis method. Tue, 14 Feb 2012 09:26:19 -0500 http://www.cert.org/podcast/ Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors. Tue, 31 Jan 2012 13:42:01 -0500 http://www.cert.org/blogs/insider_threat/2012/01/insider_threat_control_using_a_siem_signature_to_detect_potential_precursors_to_it_sabotage.html The Entry "Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage" has been posted. Thu, 26 Jan 2012 13:28:45 -0500 http://www.cert.org/archive/pdf/12tn001.pdf This TN is the fifth article in the Spotlight On quarterly series published by the CERT Insider Threat Center. Fri, 20 Jan 2012 15:20:20 -0500 http://www.sei.cmu.edu/newsitems/iso-standard.cfm The CERT Secure Coding team made key contributions to the newest ISO/IEC C language standard. Mon, 16 Jan 2012 12:23:17 -0500 http://www.cert.org/blogs/certcc/2012/01/cname_flux.html The entry "CNAME flux" has been posted. Thu, 05 Jan 2012 14:21:03 -0500 http://www.cert.org/archive/pdf/11tn029.pdf This technical note describes how implementation-level processes can help organizations define measures of operational resilience. Thu, 22 Dec 2011 12:17:25 -0500 http://www.cert.org/podcast/ Electronic health records bring many benefits along with security and privacy challenges. Tue, 20 Dec 2011 13:35:12 -0500 http://www.cert.org/archive/pdf/11sr016.pdf This report updates the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems for 2011. Mon, 19 Dec 2011 09:46:24 -0500 http://www.cert.org/archive/pdf/SIEM-Control.pdf Insider Threat Control: Using a SIEM Signature to Detect Potential Precursors to IT Sabotage presents a technique for detecting potential insider sabotage over an organization's network. Thu, 15 Dec 2011 13:21:15 -0500 http://www.cert.org/blogs/insider_threat/2011/12/preparing_for_negative_workplace_events_-_managing_employee_expectations.html The entry "Preparing for Negative Workplace Events - Managing Employee Expectations" has been posted. Thu, 15 Dec 2011 10:21:17 -0500 http://www.cert.org/blogs/insider_threat/2011/11/insider_threat_controls.html The entry "Insider Threat Controls" has been posted. Wed, 16 Nov 2011 09:41:51 -0500 http://www.cert.org/blogs/insider_threat/2011/10/data_exfiltration_and_output_devices_-_an_overlooked_threat.html The entry "Data Exfiltration and Output Devices - An Overlooked Threat" has been posted. Mon, 17 Oct 2011 13:43:37 -0400 http://www.sei.cmu.edu/library/abstracts/books/9780321803955.cfm The CERT Oracle Secure Coding Standard for Java has been published by Addison-Wesley Professional. Fri, 14 Oct 2011 11:17:39 -0400 http://www.cert.org/insider_threat/demonstrations/ITDS01.mp4 The CERT Insider Threat Center has released the first video in a series of insider threat demonstrations. Wed, 12 Oct 2011 15:12:45 -0400 http://www.cert.org/archive/pdf/11tn024.pdf This technical note describes how organizations can use Splunk to detect insider theft of intellectual property. Wed, 12 Oct 2011 10:26:26 -0400 http://www.cert.orghttp://www.thei3p.org/events/cybercpr.html The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. See the web page for a link to the agenda. Thu, 06 Oct 2011 12:18:04 -0400 http://www.cert.org/podcast/ Measures of operational resilience should answer key questions, inform decisions, and affect behavior. Tue, 04 Oct 2011 12:03:49 -0400 http://www.cert.orgarchive/pdf/11tr017.pdf The fourth volume in the Software Assurance Curriculum Project focuses on community college courses for software assurance. Thu, 29 Sep 2011 10:50:48 -0400 http://www.cert.org/research/researchreport.html The CERT Program is internationally known for developing practices and technologies to protect, detect, and respond to attacks, accidents, and failures on networked systems. This report describes progress in our innovative research projects and activities. Fri, 23 Sep 2011 10:25:26 -0400 http://www.cert.org/blogs/certcc/2011/09/challenges_in_network_monitori.html The entry "Challenges in Network Monitoring above the Enterprise" has been published. Fri, 23 Sep 2011 10:15:33 -0400 http://www.cert.org/podcast/ Use of Domain Name System security extensions can help prevent website hijacking attacks. Tue, 06 Sep 2011 13:08:52 -0400 http://www.thei3p.org/events/cybercpr.html The Institute for Information Infrastructure Protection (I3P) and the CERT Program will present the workshop "Cyber Security CPR: Coordinated Private Response to Computer Security Incidents" in Arlington, VA on October 12-13. There is a pre-event webinar on September 8. See the workshop web page for links to online registration forms. Tue, 06 Sep 2011 13:07:42 -0400 http://www.cert.org/blogs/insider_threat/2011/08/in_2009_the_cert_insider.html The entry "The Necessity of Best Practices for the Prevention and Detection of Insider Threats" has been posted. Wed, 31 Aug 2011 09:55:22 -0400 http://www.cert.orgblogs/insider_threat/2011/08/the_cert_insider_threat_database.html The entry "The CERT Insider Threat Database" has been posted. Mon, 15 Aug 2011 10:08:26 -0400 http://www.cert.org/archive/pdf/KYFS2011.pdf As our world becomes highly connected where endless data is just a click away and using networked devices has become almost a necessity, protecting your personal information and family privacy is of great concern. Thu, 11 Aug 2011 09:19:32 -0400 http://www.cert.org/archive/pdf/11tr019.pdf In this technical report Resilient Enterprise Management (REM) team members suggest a set of top ten strategic measures for managing operational resilience. Fri, 05 Aug 2011 13:17:15 -0400 http://www.cert.org/podcast/ Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information. Tue, 02 Aug 2011 11:21:47 -0400 http://www.cert.org/archive/pdf/11sr007.pdf This report describes the development of standards for remediation of vulnerabilities and compliance issues on Department of Defense networked systems. Thu, 21 Jul 2011 16:05:40 -0400 http://www.cert.org/blogs/insider_threat/2011/07/insider_threat_methods_of_exfiltration.html The entry "Theft of Intellectual Property and Tips for Prevention" has been published. Thu, 21 Jul 2011 13:44:32 -0400 http://www.cert.org/secure-coding/CodeReviewRFP/ The SEI is issuing a Request for Proposal seeking interested organizations with experience performing web penetration and source code audits in systems developed in C#, Java, Ruby, Perl, Python, JavaScript, and PHP. Wed, 13 Jul 2011 09:06:46 -0400 http://www.cert.org/podcast/ Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection. Tue, 12 Jul 2011 11:38:11 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP key. We strongly urge you to encrypt sensitive information. Fri, 08 Jul 2011 13:27:12 -0400 http://www.cert.orghttp://www.cert.org/blogs/insider_threat/2011/06/insider_threat_deep_dive_theft_of_intellectual_property.html The entry "Insider Threat Deep Dive: Theft of Intellectual Property" has been posted. Mon, 27 Jun 2011 14:07:30 -0400 http://www.cert.org/blogs/certcc/2011/06/signed_java_and_cisco_anyconne.html The entry "Signed Java and Cisco AnyConnect" has been posted. Thu, 09 Jun 2011 14:12:44 -0400 http://www.cert.org/archive/pdf/11tn013.pdf This technical note presents research findings on insider theft of intellectual property. Fri, 03 Jun 2011 08:57:28 -0400 http://www.sei.cmu.edu/newsitems/CERT-Team-Uses-XNET.cfm This article describes the role that XNET played in the CERT Forensics Challenge, designed for the 2011 National Security Agency Cyber Defense Exercise. Thu, 02 Jun 2011 09:30:37 -0400 http://www.cert.org/blogs/certcc/2011/05/effectiveness_of_microsoft_off.html The entry "Effectiveness of Microsoft Office File Validation" has been published. Thu, 19 May 2011 15:04:08 -0400 http://www.cert.org/blogs/insider_threat/2011/05/insider_threat_and_physical_security_of_organizations.html The entry "Insider Threat and Physical Security of Organizations" has been published. Tue, 10 May 2011 14:34:40 -0400 http://www.cert.org/podcast/ Over 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model. Thu, 05 May 2011 13:04:22 -0400 http://www.cert.org/blogs/ This main index page displays the ten most recent entries across all of our blogs. You can reach this page through the blogs link in the bottom navigation. Tue, 03 May 2011 11:55:23 -0400 http://www.cert.org/archive/pdf/11SR002.pdf This SEI Special Report describes the November 2010 Trusted Computing in Embedded Systems Workshop held at Carnegie Mellon University. Fri, 29 Apr 2011 13:57:52 -0400 http://www.cert.org/archive/pdf/SecurityMeasurementandAnalysis.pdf Cyber Security Engineering researchers at CERT have released a presentation describing their Security Measurement and Analysis (SMA) Project. Thu, 28 Apr 2011 13:26:06 -0400 http://www.cert.org/spree SPREE Workshop registration is now open. You can register by using this form (pdf). Tue, 26 Apr 2011 13:27:00 -0400 http://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html The entry "A Security Comparison: Microsoft Office vs. Oracle Openoffice" has been published. Wed, 13 Apr 2011 14:58:49 -0400 http://www.sei.cmu.edu/sepg/europe/2011/tutorials.cfm To reinforce the "Global Excellence in Software and Security" theme, CERT staff members are presenting tutorials on a variety of security topics. Thu, 07 Apr 2011 13:02:25 -0400 http://www.cert.org/blogs/insider_threat/2011/04/insider_threat_best_practices_from_industry.html The entry "Insider Threat Best Practices from Industry" has been published. Wed, 06 Apr 2011 11:17:48 -0400 http://www.cert.org/podcast/ BuBusiness l leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats. Tue, 29 Mar 2011 16:35:47 -0400 http://www.cert.org/archive/pdf/CyberSecuritySurvey2011.pdf The 2011 CyberSecurity Watch Survey press release and data sample have been released. Fri, 04 Mar 2011 10:30:47 -0500 http://www.cert.org/blogs/certcc/2011/02/cert_basic_fuzzing_framework_b.html The entry "Announcing the CERT Basic Fuzzing Framework 2.0" has been published. Mon, 28 Feb 2011 15:57:24 -0500 http://www.cert.org/archive/pdf/11tr009.pdf This technical report discusses use of algorithms to compute overall malware behavior. Mon, 28 Feb 2011 13:29:14 -0500 http://www.cert.org/archive/pdf/GRC-202_Cebula_Allen.pdf Julia Allen and Jim Cebula gave this presentation at RSA Conference 2011 in San Francisco, California. Wed, 23 Feb 2011 21:30:20 -0500 http://www.cert.org/blogs/insider_threat/2011/02/insider_threats_in_the_software_development_lifecycle.html The entry "Insider Threats in the Software Development Lifecycle" has been published. Wed, 23 Feb 2011 15:06:45 -0500 http://www.cert.org/podcast/ Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks. Tue, 22 Feb 2011 15:37:18 -0500 http://www.cert.org/archive/pdf/HT2-108_Cappelli_MontelibanoJan26.pdf "Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab," presentated at RSA Conference 2011 in San Francisco, California, is now available. Mon, 21 Feb 2011 13:54:31 -0500 http://www.cert.org/archive/pdf/11tn006.pdf This techincal note provides an overview of techniques employed by malicious insiders to steal intellectual property. Mon, 21 Feb 2011 13:04:17 -0500 http://www.cert.org/archive/pdf/11tn004.pdf This technical note examines how the MSwA Reference Curriculum recommendations might be integrated into the model curriculum recommendations for a MSIS degree. Wed, 16 Feb 2011 14:51:54 -0500 http://www.cert.org/blogs/certcc/2011/02/network_monitoring_for_web-bas.html The entry "'Network Monitoring for Web-Based Threats' released" has been published. Mon, 14 Feb 2011 13:36:55 -0500 http://www.cert.org/blogs/certcc/2011/02/blog_reorganization.html To allow for expansion into other technical areas, the Vulnerability Analysis Blog has been converted to the CERT/CC Blog. Fri, 11 Feb 2011 15:31:15 -0500 http://www.cert.org/archive/pdf/11tr005.pdf This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach. Thu, 10 Feb 2011 15:04:29 -0500 http://www.cert.org/spree The SPREE Workshop will be held at Carnegie Mellon University on June 15-16, 2011. Discussions will focus on security and privacy challenges associated with developing and maintaining software as data-driven technology continues to advance. Mon, 31 Jan 2011 10:05:57 -0500 http://www.cert.org/blogs/insider_threat/2011/01/insider_threat_case_trends_of_technical_and_non-technical_employees.html The entry "Insider Threat Case Trends of Technical and Non-Technical Employees" has been published. Wed, 26 Jan 2011 10:17:18 -0500 http://www.cert.org/podcast/ Technical controls may be effective in helping prevent, detect, and respond to insider crimes. Tue, 25 Jan 2011 11:30:53 -0500 http://www.cert.org/archive/pdf/11tn005.pdf This technical note examines the capabilities and limitations of hardware-based trusted platforms in general, and the Trusted Platform Module (TPM) from the perspective of trusted applications in particular. Fri, 21 Jan 2011 14:42:42 -0500 http://www.cert.org/archive/pdf/11tn003.pdf This paper demonstrates how to extract and map technical information from previous insider crimes. Mon, 17 Jan 2011 10:19:50 -0500 http://www.cert.org/archive/pdf/10tn026.pdf This technical note considers current practices in software supply chain analysis and suggests foundational practices. Tue, 04 Jan 2011 11:39:42 -0500 http://www.sei.cmu.edu/newsitems/CERT-RMM-Book-Published.cfm The CERT Resilience Management Model (CERT-RMM) Version 1.1 has been published by Addison-Wesley Professional. Mon, 03 Jan 2011 11:55:30 -0500 http://www.cert.org/archive/pdf/10tn028.pdf This technical note presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk. Wed, 29 Dec 2010 10:52:32 -0500 http://www.cert.org/archive/pdf/10tr021.pdf The Source Code Analysis Laboratory (SCALe) is an operational capability that tests software applications for conformance to one of the CERT secure coding standards. Wed, 29 Dec 2010 09:49:20 -0500 http://www.cert.org/archive/PDF/10tr045.pdf This report presents a new, continuous approach to cybersecurity workforce development. Wed, 22 Dec 2010 14:01:12 -0500 http://www.cert.org/blogs/insider_threat/2010/12/case_trends_for_type_and_status_of_insiders.html The entry "Insider Threat Case Trends for Employee Type and Employment Status" has been published. Wed, 22 Dec 2010 11:15:47 -0500 http://www.cert.org/blogs/insider_threat/2010/12/case_trends_for_type_and_status_of_insiders.html The entry "Insider Threat Case Trends for Employee Type and Employment Status" has been published. Tue, 21 Dec 2010 10:48:35 -0500 http://www.cert.org/podcast/show/20101209caralli.html Use the CERT Resilience Management Model (CERT-RMM) to help ensure that critical assets and services perform as expected in the face of stress and disruption. Thu, 09 Dec 2010 13:45:24 -0500 http://www.cert.org/blogs/insider_threat/2010/12/upcoming_insider_threat_presentations.html The entry "Upcoming Insider Threat Presentations" has been published. Mon, 06 Dec 2010 09:42:40 -0500 http://certcareerfair.org/ Representatives from CERT will be in Arlington, VA on January 26-27 to meet with candidates interested in job opportunities. Applicants must submit resumes in advance for this appointment-only event. Fri, 03 Dec 2010 15:10:38 -0500 http://www.cert.org/archive/pdf/10sr009.pdf This special report is the first in a series of best practices information that interested organizations and governments can use to begin to develop a national incident management capability. Fri, 03 Dec 2010 10:26:56 -0500 http://www.cert.org/podcast/ Government agencies and private industry must build effective partnerships to secure national critical infrastructures. Tue, 30 Nov 2010 13:54:04 -0500 http://www.cert.org/archive/pdf/10tn030.pdf This Technical Note is the first in a series of publications designed to start a dialog on the topic of meaningful measurement. Fri, 19 Nov 2010 17:03:21 -0500 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Mon, 01 Nov 2010 15:27:40 -0400 http://www.cert.org/podcast/ Knowledge about software assurance is essential to ensure that complex systems function as intended. Tue, 26 Oct 2010 13:32:50 -0400 http://www.cert.org/blogs/insider_threat/2010/10/interesting_insider_threat_statistics.html The entry "Interesting Insider Threat Statistics" has been published. Mon, 25 Oct 2010 11:52:44 -0400 http://blogs.cisco.com/author/JohnStewart/ John Stewart, vice president and chief security officer of Cisco, will deliver one of the keynote addresses at FloCon 2011. Fri, 22 Oct 2010 13:11:39 -0400 http://www.cert.org/flocon/ Registration for FloCon 2011 is now open. The early bird registration fee will begin at $660.00 until November 22, 2010. Please use discount code FLOCONNEB when registering on or before November 22, 2010. Fri, 22 Oct 2010 12:14:37 -0400 http://www.cert.org/blogs/insider_threat/2010/10/a_threat-centric_approach_to_detecting_and_preventing_insider_threat.html The entry "A Threat-Centric Approach to Detecting and Preventing Insider Threat" has been published. Mon, 11 Oct 2010 15:55:15 -0400 http://www.cert.org/flocon/ The call for presentations, a description of sponsorship opportunities, and the sponsorship agreement have been released. Thu, 07 Oct 2010 15:38:21 -0400 http://www.cert.org/archive/pdf/10tn025.pdf This report is the first in a series that addresses how to measure software security in complex environments using the Integrated Measurement and Analysis Framework (IMAF) for software security. Wed, 06 Oct 2010 16:32:18 -0400 http://www.cert.org/archive/pdf/10tn027.pdf R-SQUARE incorporates reusable security goals and requirements into a variant of Security Quality Requirements Engineering (SQUARE). Fri, 01 Oct 2010 11:56:26 -0400 http://www.cert.org/archive/pdf/10tr025.pdf The BASF addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems. Thu, 30 Sep 2010 14:11:58 -0400 http://www.cert.org/cisw/sg2010/ This workshop will take place October 13-14, 2010 in Arlington, Virginia Thu, 30 Sep 2010 13:47:28 -0400 http://www.cert.org/podcast/ Organizations can benchmark their software security practices against 109 observed activities from 30 organizations. Tue, 28 Sep 2010 10:40:24 -0400 http://www.cert.org/blogs/vuls/2010/09/cert_basic_fuzzing_framework_u.html The entry "CERT Basic Fuzzing Framework Update" has been published. Wed, 22 Sep 2010 11:31:22 -0400 http://www.cert.org/blogs/insider_threat/2010/09/insider_threat_deep_dive_it_sabotage.html The entry "Insider Threat Deep Dive: IT Sabotage" has been published. Wed, 22 Sep 2010 10:36:45 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Tue, 14 Sep 2010 12:41:39 -0400 http://www.cert.org/blogs/insider_threat/ The first entry in our new insider threat blog has been published. Wed, 08 Sep 2010 14:34:00 -0400 http://www.cert.org/flocon/2010/proceedings.html Proceedings from FloCon 2010 have been released. Fri, 03 Sep 2010 12:16:51 -0400 http://www.cert.org/mswa A Master of Software Assurance Reference Curriculum and undergraduate course outlines are now available for download. Wed, 01 Sep 2010 16:03:44 -0400 http://www.cert.org/podcast/ Internet-connected mobile devices are becoming increasingly attractive targets. Tue, 31 Aug 2010 10:57:33 -0400 http://www.cert.org/flocon/ FloCon 2011 will take place in Salt Lake City, Utah, January 10-13, 2011. Fri, 27 Aug 2010 10:18:49 -0400 http://www.cert.org/podcast/ A national CSIRT is essential for protecting national and economic security, and ensuring the continuity of government agencies and critical infrastructures. Thu, 19 Aug 2010 08:18:09 -0400 http://www.cert.org/archive/pdf/10tn022.pdf This technical note explores the use of a disciplined approach to identifying privacy requirements, primarily how the Security Quality Requirements Engineering (SQUARE) process, which was developed for security requirements engineering, can be adapted for privacy requirements engineering in software development. Mon, 02 Aug 2010 09:42:50 -0400 http://www.cert.org/archive/pdf/TrustedBusinessPartners0210.pdf This article focuses on cases in the CERT Insider Threat Center database in which malicious insiders were employed by a trusted business partner of the victim organization. These cases involve outsourcing as well as individual contractors and consultants. Thu, 29 Jul 2010 16:44:17 -0400 http://www.cert.org/podcast/ Securing systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity. Tue, 27 Jul 2010 10:36:09 -0400 http://www.cert.org/csirts/national/ The CERT/CC has created both a wiki and an operational mailing list for authorized technical staff at national CSIRTs. These tools will promote collaboration and information exchange about technical projects and other relevant work. Thu, 08 Jul 2010 10:45:45 -0400 http://www.sei.cmu.edu/events/Event-Details.cfm?customel_dataPageID_4744=587174 On July 28, 2010, Rich Caralli will present "Transforming Your Operational Resilience Management Capabilities: CERT's Resilience Management Model" as part of the Software Engineering Institute's webinar series. Fri, 02 Jul 2010 11:03:47 -0400 http://www.cert.org/podcast/ Complex, distributed, multi-year investigations of computer crimes require sophisticated methods, techniques, and tools. Tue, 29 Jun 2010 10:39:13 -0400 http://www.cert.org/csirts/national/conference.html On June 19-20, the CERT/CC is hosting a meeting of CSIRTs with national responsibility in Miami, Florida. Attendees will discuss the unique challenges facing national CSIRTs and will share information about projects and solutions. Wed, 09 Jun 2010 12:33:42 -0400 http://www.cert.org/download/bff/ The CERT Basic Fuzzing Framework (BFF) is a Linux-based tool for fuzz testing software that runs on Linux. This free tool is now available for download. Wed, 09 Jun 2010 12:12:55 -0400 http://www.cert.org/archive/pdf/10tr015.pdf The CERT Oracle Secure Coding Standard for Java provides guidelines for securrogramming language Mon, 07 Jun 2010 17:22:27 -0400 http://www.cert.org/archive/pdf/10tr018.pdf This report describes a managed string library for the C programming language. Mon, 07 Jun 2010 17:13:25 -0400 http://www.cert.org/archive/pdf/10tn013.pdf The technical note describes the Survivability Analysis Framework (SAF), which can be used to examine the elements of an operational process and evaluate the survivability of an organization. Wed, 02 Jun 2010 09:50:05 -0400 http://www.cert.org/podcast/ To help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing. Tue, 25 May 2010 14:23:58 -0400 http://www.cert.org/archive/pdf/10tr012.pdf The CERT-RMM report describes the key concepts, components, and process area relationships of the model, which is an innovative way to approach the challenge of managing operational resilience in complex, risk-evolving environments. Mon, 24 May 2010 09:35:14 -0400 http://www.cert.org/archive/pdf/10tr010.pdf The report, Identifying Anomalous Port-Specific Network Behavior, describes a method for detecting behavior that may be a precursor to internet-wide attacks. Fri, 21 May 2010 09:42:52 -0400 http://www.cert.org/podcast/ Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses. Tue, 27 Apr 2010 10:19:54 -0400 http://www.cert.org/research/2009research-report.pdf CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. Mon, 05 Apr 2010 11:16:55 -0400 http://www.cert.org/archive/pdf/Insider-Threat-RSA-2010.pdf "The Key to Successful Monitoring for Detection of Insider Attacks," presentated at RSA Conference 2010 in San Francisco, California, is now available. Mon, 05 Apr 2010 10:15:19 -0400 http://www.cert.org/podcast/ Being able to respond effectively when faced with a disruptive event requires that staff members learn to become more resilient. Tue, 30 Mar 2010 10:43:16 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Fri, 05 Mar 2010 14:52:00 -0500 http://www.cert.org/podcast/ CISOs must leave no room for anyone to deny that they understand what is expected of them when developing secure software. Tue, 02 Mar 2010 09:41:55 -0500 http://www.cert.org/vuls/discovery/workshop_2010.html On February 1, 2010, CERT hosted a workshop with vulnerability researchers and software vendors to discuss ideas, tools, and techniques used to find vulnerabilities. Thu, 25 Feb 2010 16:48:28 -0500 http://www.cert.org/archive/pdf/CWE_CERT.pdf This paper describes the Common Weakness Enumeration (CWE) and the CERT secure coding standards and explains the relationship between them. Thu, 18 Feb 2010 13:39:28 -0500 http://www.cert.org/archive/pdf/Fuzzing-AIRintegers.pdf This paper presents the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. Thu, 18 Feb 2010 13:36:31 -0500 http://www.cert.org/archive/pdf/ecrimesummary10.pdf This survey, a cooperative effort of multiple organizations, collected answers from more than 500 rent executives, professionals, and consultants. Fri, 12 Feb 2010 09:55:10 -0500 http://www.cert.org/podcast/ Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations. Tue, 02 Feb 2010 09:32:46 -0500 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Wed, 20 Jan 2010 14:14:25 -0500 http://www.cert.org/podcast/ The SGMM provides a roadmap to guide an organization's transformation to the smart grid. Tue, 12 Jan 2010 09:51:21 -0500 http://www.cert.org/podcast/ Addressing privacy during software development is just as important as addressing security. Tue, 22 Dec 2009 09:44:19 -0500 http://www.cert.org Fri, 04 Dec 2009 16:32:28 -0500 http://www.cert.org/podcast/ Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. Tue, 01 Dec 2009 09:49:51 -0500 http://www.sei.cmu.edu/newsitems/cert_TRAC.cfm Twenty-nine competing teams from 20 countries participated in the Tactical Response and Analysis Challenge (TRAC) conducted by the SEI's CERT PRogram as part of the weeklong International Cyber Defense Workshop (ICDW), which concluded November 13, 2009. Tue, 17 Nov 2009 14:39:21 -0500 http://www.cert.org/podcast/ Providing critical services during times of stress depends on documented, tested business continuity plans. Tue, 10 Nov 2009 10:24:37 -0500 http://www.cert.org/archive/pdf/CyLabForeignTheftIP.pdf This report is the third in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider theft of intellectual property inside the U.S. involving foreign governments or organizations. Mon, 09 Nov 2009 13:23:01 -0500 http://www.cert.org/flocon/ The deadline to submit abstracts for presentations and demonstrations for FloCon 2010 has been extended to Monday, November 9. Tue, 27 Oct 2009 11:35:44 -0400 http://www.cert.org/archive/pdf/09tr010.pdf This newly updated technical report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations. Fri, 23 Oct 2009 11:49:52 -0400 http://www.cert.org/podcast/ A defined, managed process for third party relationships is essential, particularly when business is disrupted. Tue, 20 Oct 2009 14:52:15 -0400 http://www.cert.org/podcast/ The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. Tue, 29 Sep 2009 10:27:54 -0400 http://www.cert.org/podcast/ Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Tue, 08 Sep 2009 10:52:58 -0400 http://www.cert.org/archive/pdf/VRDA_Effectiveness.pdf This paper examines the effectiveness of VRDA in terms of how well it predicts responses. Tue, 25 Aug 2009 11:18:10 -0400 http://www.cert.org/podcast/ 282 cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat. Tue, 18 Aug 2009 11:20:50 -0400 http://www.cert.org/insider_threat/docs/CyLab%20Insider%20Threat%20Quarterly%20on%20Internet%20Underground%20-%20March%202009P.pdf This report is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. This article focuses on insider threat cases in which the insider had relationships with the internet underground community. Fri, 31 Jul 2009 11:46:23 -0400 http://www.cert.org/podcast/ Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Tue, 28 Jul 2009 09:55:42 -0400 http://www.cert.org/insider_threat/docs/Insider_Theft_of_IP_Model_MIST09.pdf This paper provides observations about and a preliminary system dynamics model of one class of insider crime based on empirical data. Mon, 20 Jul 2009 14:30:18 -0400 http://www.cert.org/archive/pdf/09tn023.pdf This paper presents a model for automating the elimination of integer overflow and truncation in C and C++ programming code. Fri, 17 Jul 2009 16:18:45 -0400 http://www.sei.cmu.edu/products/courses/p63.html This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for thiscourse to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application. Tue, 14 Jul 2009 16:14:49 -0400 http://www.cert.org/podcast/ Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Tue, 07 Jul 2009 12:37:52 -0400 http://www.cert.org/resiliency/rmm.html CERT has published the first process areas of the Resiliency Management Model, a capability model for operational resiliency management. Thu, 02 Jul 2009 08:52:59 -0400 http://www.cert.org/csirts/national/contest_2009.html The winners of the Best Practices Contest 2009 were announced at the FIRST conference in Kyoto, Japan. Read the winning submissions. Mon, 29 Jun 2009 20:31:46 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Mon, 22 Jun 2009 15:18:31 -0400 http://www.cert.org/podcast/ When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. Tue, 16 Jun 2009 10:36:38 -0400 http://www.cert.org/podcast/ Business leaders need to take action to better mitigate sophisticated social engineering attacks. Tue, 26 May 2009 10:21:57 -0400 https://www1.gotomeeting.com/register/845945576 Register for the webinar SQUARE Up Your Security Requirements Engineering with SQUARE. This webinar provides an overview of the SQUARE process and discusses current activities and plans. Fri, 08 May 2009 13:54:42 -0400 http://www.cert.org/podcast/ Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Tue, 05 May 2009 09:53:59 -0400 http://www.cert.org/archive/pdf/09sr001.pdf This report provides guidance for making the business case for building software assurance into software products during each software development life-cycle activity. Thu, 30 Apr 2009 14:46:23 -0400 http://www.sei.cmu.edu/products/courses/p76.html Learn how to identify and manage the risk of insider threat in your organization. Register now for the two-day Insider Threat Workshop in Arlington, VA. Fri, 24 Apr 2009 10:45:29 -0400 http://www.cert.org/vuls/discovery/dranzer.html As part of their vulnerability discovery efforts, CERT has released Dranzer, an open source tool that software developers can use to test for ActiveX vulnerabilities. Thu, 16 Apr 2009 07:29:02 -0400 http://www.cert.org/podcast/ Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Tue, 14 Apr 2009 09:39:41 -0400 http://www.cert.org/forensics/tools/ The CERT forensics tools repository, a collection of add-on packages for Fedora, provides many useful cyber forensics tools for analysts and practitioners. Mon, 13 Apr 2009 08:54:16 -0400 http://www.cert.org/podcast/ Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Tue, 31 Mar 2009 14:13:41 -0400 http://www.cert.org/archive/pdf/09tr010.pdf This technical report describes a set of secure design patters, which are descriptions or templates describing a general solution to a security problem that can be applied in many different situations. Mon, 30 Mar 2009 15:36:06 -0400 http://www.cert.org/podcast/ Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Tue, 17 Mar 2009 10:44:00 -0400 http://www.sei.cmu.edu/about/press/releases/certtechsymposium1.html On March 10, the CERT Program at Carnegie Mellon University's Software Engineering Institute began a two-day technical symposium for a select group of leaders in experts in the cyber security field. Wed, 11 Mar 2009 14:48:22 -0400 http://www.cert.org/research/2008research-report.pdf CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. Fri, 06 Mar 2009 15:20:06 -0500 http://www.cert.org/podcast/ Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Tue, 03 Mar 2009 10:40:51 -0500 http://www.sei.cmu.edu/products/courses/p76.html CERT's insider threat research serves as the foundation for this two-day workshop. Mon, 02 Mar 2009 15:04:56 -0500 http://www.first.org/global/practices/ For the second year in a row, the CERT/CC and FIRST are jointly hosting an international competition to honor best practices and advances in safeguarding the security of computer systems and networks. Wed, 25 Feb 2009 10:42:45 -0500 http://www.cert.org/podcast/ Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Tue, 17 Feb 2009 11:17:20 -0500 http://www.sei.cmu.edu/about/press/releases/pethia.html Richard D. Pethia, director of the Carnegie Mellon Software Engineering Institute (SEI) CERT Program has been named a recipient of the 2009 CSO Compass Award sponsored by CSO Magazine. Tue, 10 Feb 2009 08:28:32 -0500 http://www.cert.org/podcast/ Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Tue, 03 Feb 2009 11:04:14 -0500 http://www.cert.org/archive/pdf/CSG-V3.pdf The third version of this guide includes new and updated practices based on an analysis of approximately 100 recent insider threat cases that occurred from 2003 to 2007 in the United States. Wed, 28 Jan 2009 09:10:16 -0500 http://www.cert.org/podcast/ Rich Pethia reflects on CERTs 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Tue, 20 Jan 2009 10:48:51 -0500 http://www.cert.org/podcast/ Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. Tue, 06 Jan 2009 11:31:58 -0500 http://www.cert.org/podcast/ Climate change requires new strategies for dealing with traditional IT and information security risks. Tue, 09 Dec 2008 10:45:28 -0500 http://www.cert.org/podcast/ Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Tue, 25 Nov 2008 15:05:40 -0500 http://www.cert.org/archive/pdf/REFv0.95R_outline.pdf This document provides a brief overview of the CERT Resiliency Engineering Framework, including purpose statements, goals, and specific practices for each capability area. Thu, 13 Nov 2008 09:22:28 -0500 http://www.cert.org/podcast/ Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Tue, 11 Nov 2008 10:12:01 -0500 http://www.cert.org/podcast/ A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Tue, 28 Oct 2008 12:12:47 -0400 http://www.cert.org/secure-coding/index.html This book is an essential desktop reference documenting the first official release of the CERT C Secure Coding Standard. Mon, 20 Oct 2008 11:21:40 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the third quarter of 2008. Fri, 17 Oct 2008 11:54:32 -0400 http://www.cert.org/podcast/ When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. Tue, 14 Oct 2008 11:04:29 -0400 http://www.cert.org/podcast/ Integrating security into university curricula is one of the key solutions to developing more secure software. Tue, 30 Sep 2008 15:24:21 -0400 https://forms.cert.org/VulReport/ The interactive form enhances CERT's vulnerability analysis efforts by making it easier for vulnerability reporters to securely submit valuable information. Wed, 17 Sep 2008 15:23:06 -0400 http://www.cert.org/podcast/ OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Tue, 16 Sep 2008 10:25:10 -0400 https://www.securecoding.cert.org/confluence/display/java/CERT+Java+Secure+Coding+Standard CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Java community to participate in this effort by reviewing content in the Java space and providing comments. Mon, 08 Sep 2008 15:15:00 -0400 http://http://www.cert.org/archive/pdf/08tn017.pdf Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory. Tue, 02 Sep 2008 15:46:50 -0400 http://www.cert.org/podcast/ Well-defined metrics are essential to determine which security practices are worth the investment. Tue, 02 Sep 2008 10:16:44 -0400 http://www.cert.org/podcast/ Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Wed, 20 Aug 2008 09:55:06 -0400 http://www.cert.org/podcast/ Protecting critical infrastructures and the information they use are essential for preserving our way of life. Tue, 05 Aug 2008 13:22:13 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the second quarter of 2008. Tue, 29 Jul 2008 15:11:11 -0400 http://www.cert.org/podcast/ Determining which security vulnerabilities to address should be based on the importance of the information asset. Tue, 22 Jul 2008 11:39:55 -0400 http://www.cert.org/podcast/ Tue, 22 Jul 2008 11:35:23 -0400 http://www.cert.org Because of ongoing problems with the autoresponder messages being interpreted as spam, we have decided to discontinue providing an automatic acknowledgement of email sent to cert@cert.org. This change does not affect how we handle email sent to that address. Fri, 18 Jul 2008 11:22:39 -0400 http://www.cert.org/podcast/ During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Tue, 08 Jul 2008 10:54:21 -0400 http://www.cert.org/csirts/national/contest_2008.html The winning papers from the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks have been posted. Fri, 27 Jun 2008 11:58:07 -0400 http://www.cert.org/podcast/ Targeted, innovative communications and a robust life cycle are keys for security policy success. Tue, 24 Jun 2008 11:00:03 -0400 http://www.cert.org/archive/pdf/08tr014.pdf This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. Tue, 17 Jun 2008 11:35:48 -0400 http://www.cert.org/podcast/ Managing software that is developed by an outside organization can be more challenging than building it yourself. Tue, 10 Jun 2008 11:19:16 -0400 http://www.cert.org/podcast/ Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Tue, 27 May 2008 11:52:08 -0400 http://www.cert.org/contact_cert/encryptmail.html CERT has updated its PGP public key. We strongly urge you to encrypt sensitive information. Fri, 23 May 2008 15:44:07 -0400 http://www.sei.cmu.edu/community/assurance.html This one-day workshop will explore methods for capturing development costs and benefits associated with software assurance and making the case to executive management. A call for papers has been posted; registration information will soon be available. Thu, 15 May 2008 13:35:04 -0400 http://www.cert.org/podcast/ High performing organizations effectively integrate information security controls into mainstream IT operational processes. Tue, 13 May 2008 11:07:30 -0400 http://www.cert.org/podcast/ Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Tue, 29 Apr 2008 14:37:46 -0400 http://www.cert.org/blogs/vuls/ In a new blog on the CERT website, CERT staff members will address various issues related to vulnerability analysis. Fri, 18 Apr 2008 12:41:55 -0400 http://www.cert.org/podcast/ Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Tue, 15 Apr 2008 12:49:22 -0400 http://www.cert.org/stats/ The CERT statistics have been updated with numbers from the first quarter of 2008. Mon, 14 Apr 2008 12:26:34 -0400 http://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html Software Security Engineering: A Guide for Project Managers will be published by Addison-Wesley in early May 2008. The book shows project managers how to build security into their software products throughout the development life cycle. Tue, 01 Apr 2008 15:12:28 -0400 http://www.first.org/conference/2008/contest.html Submissions for the first international competition honoring best practices and advances in safeguarding the security of computer systems and networks are due by April 30. The contest is being hosted by FIRST and the CERT/CC. Tue, 01 Apr 2008 14:08:07 -0400 http://www.cert.org/podcast/ Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Tue, 01 Apr 2008 12:43:36 -0400 http://www.cert.org/archive/pdf/08tr007.pdf This report presents a risk-based approach for determining the potential for success of an organization's incident management capability. Mon, 31 Mar 2008 11:29:16 -0400 http://www.first.org/conference/2008/ CERT is a sponsor for the 2008 FIRST Conference, which will be held in Canada in June. This year marks the 20th annual FIRST conference as well as the 20th anniversary of CERT. Fri, 28 Mar 2008 11:59:12 -0400 http://www.cert.org/podcast/ A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Tue, 18 Mar 2008 09:58:37 -0400 http://www.cert.org/resiliency_engineering/framework.html A draft version of the CERT Resiliency Engineering Framework is now available. We welcome and encourage your feedback on these materials. Mon, 17 Mar 2008 10:58:45 -0400 http://www.cert.org/research/2007research-report.pdf CERT is developing theoretical foundations and engineering methods to help ensure the security of critical systems and networks. This report describes progress in CERT research projects and opportunities for collaboration. Thu, 06 Mar 2008 10:36:25 -0500 http://www.cert.org/podcast/ Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Tue, 04 Mar 2008 10:27:36 -0500 http://www.first.org/conference/2008/contest.html The first-ever international competition honoring best practices and advances in safeguarding the security of computer systems and networks is announced today by the Forum of Incident Response and Security Teams (FIRST) and Carnegie Software Engineering Institute (SEI) CERT Coordination Center (CERT/CC). Tue, 26 Feb 2008 09:12:17 -0500 http://www.cert.org/podcast/ Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. Tue, 19 Feb 2008 11:20:14 -0500 http://www.antiphishing.org/events/2008_operationsSummit.html CERT will be participating in the Counter eCrime Operations Summit II May 26-27 Tokyo, Japan. Thu, 14 Feb 2008 11:30:38 -0500 http://www.cert.org/podcast/ Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 05 Feb 2008 10:47:48 -0500 http://www.cert.org/podcast/ Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 05 Feb 2008 10:38:57 -0500 http://www.cert.org/sse/square/square-description.html Workshop, tutorial, and academic educational materials on SQUARE (Security Quality Requirements Engineering) are now available for download. Tue, 22 Jan 2008 10:54:03 -0500 http://www.cert.org/podcast/ Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. Tue, 22 Jan 2008 10:20:34 -0500 http://www.cert.org/stats/ The numbers from the fourth quarter have been incorporated, completing the 2007 statistics. Tue, 15 Jan 2008 16:29:00 -0500 http://www.cert.org/insider_threat/ Insider Threat Study: Illicit Cyber Activity in the Government Sector and Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector have been released. These reports present the findings of research efforts to examine reported insider incidents within their respective sectors. Wed, 09 Jan 2008 08:54:15 -0500 http://www.cert.org/podcast/ Directors and senior executives are personally accountable for protecting information entrusted to their care. Tue, 08 Jan 2008 10:24:08 -0500