CINXE.COM

<!DOCTYPE html> <html lang="en">    <head><script type="text/javascript" src="https://web-static.archive.org/_static/js/bundle-playback.js?v=7YQSqjSh" charset="utf-8"></script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://www.cert.org/insider-threat/","20170319012621","https://web.archive.org/","web","https://web-static.archive.org/_static/", "1489886781"); </script> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/banner-styles.css?v=p7PEIJWi" /> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/iconochive.css?v=3PDvdIFv" />  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta http-equiv="Content-Language" content="en-us"> <meta name="Description" id="Description" content="The CERT Insider Threat Center conducts empirical research and analysis to develop and transition socio-technical solutions to combat insider cyber threats."/> <meta name="Generator" id="Generator" content="CommonSpot Build 10.0.2.78"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="GSATaxonomyOutput" content="Insider Threat"/><meta name="GSATaxonomyUserRole" content=""/><meta name="format-detection" content="telephone=no"/> <title>Insider Threat | The CERT Division</title> <script> var jsDlgLoader = '/insider-threat/loader.cfm'; var jsSiteResourceLoader = '/cs-resources.cfm?r='; var jsSiteResourceSettings = {canCombine: false, canMinify: false}; </script>  <script type="text/javascript" src="/web/20170319012621js_/https://www.cert.org/commonspot/javascript/browser-all.js"></script>     <link rel="stylesheet" href="/web/20170319012621cs_/https://www.cert.org/style/default.css" type="text/css"/>   <script type="text/javascript">  </script><script> var jsDlgLoader = '/insider-threat/loader.cfm'; var jsSiteResourceLoader = '/cs-resources.cfm?r='; var jsSiteResourceSettings = {canCombine: false, canMinify: false}; </script>   <script type="text/javascript"> if(typeof scriptsLoaded === 'undefined') { var scriptsLoaded= new Array(); } //Load jQuery only once. if(!("jQuery" in scriptsLoaded)) { document.write('<script type="text\/javascript" src="\/ADF\/thirdParty\/jquery\/jquery-1.11.js"><\/script>'+'<script type="text/javascript"><\/script>'); scriptsLoaded["jQuery"] = true; } </script> <script type="text/javascript"> if(typeof scriptsLoaded === 'undefined') { var scriptsLoaded= new Array(); } //Load jQueryMigrate only once. if(!("jQueryMigrate" in scriptsLoaded)) { document.write('<script src="\/ADF\/thirdParty\/jquery\/migrate\/jquery-migrate-1.2.js"><\/script>'+'<script type="text/javascript"><\/script>'); scriptsLoaded["jQueryMigrate"] = true; } </script> <script type="text/javascript"> if(typeof scriptsLoaded === 'undefined') { var scriptsLoaded= new Array(); } //Load jQueryUI only once. if(!("jQueryUI" in scriptsLoaded)) { document.write('<script type=\'text\/javascript\' src=\'\/ADF\/thirdParty\/jquery\/ui\/jquery-ui-1.11\/js\/jquery-ui-1.11.js\'><\/script>'+'<script type="text/javascript"><\/script>'); scriptsLoaded["jQueryUI"] = true; } </script> <script type="text/javascript"> if(typeof scriptsLoaded === 'undefined') { var scriptsLoaded= new Array(); } //Load jQueryUIstyles only once. if(!("jQueryUIstyles" in scriptsLoaded)) { document.write('<link rel=\'stylesheet\' href=\'\/ADF\/thirdParty\/jquery\/ui\/jquery-ui-1.11\/css\/ui-lightness\/jquery-ui.css\' type=\'text\/css\' media=\'screen\' \/>'+'<script type="text/javascript"><\/script>'); scriptsLoaded["jQueryUIstyles"] = true; } </script> <script type="text/javascript"> if(typeof scriptsLoaded === 'undefined') { var scriptsLoaded= new Array(); } //Load fancybox only once. if(!("fancybox" in scriptsLoaded)) { document.write('<script type="text\/javascript" src="\/ADF\/thirdParty\/jquery\/fancybox\/jquery.fancybox-2.1.5.pack.js"><\/script><script type="text\/javascript">if(typeof scriptsLoaded === \'undefined\'){var scriptsLoaded= new Array();}if(!("jqueryeasing" in scriptsLoaded)){document.write(\'<script type="text\\/javascript" src="\\/ADF\\/thirdParty\\/jquery\\/easing\\/jquery.easing.1.3.js"><\\/script>\'+\'<script type="text\/javascript"><\\/script>\');scriptsLoaded["jqueryeasing"] = true;}<\/script> <script type="text\/javascript">if(typeof scriptsLoaded === \'undefined\'){var scriptsLoaded= new Array();}if(!("jquerymousewheel" in scriptsLoaded)){document.write(\'<script type="text\\/javascript" src="\\/ADF\\/thirdParty\\/jquery\\/mousewheel\\/jquery.mousewheel-3.0.4.pack.js"><\\/script>\'+\'<script type="text\/javascript"><\\/script>\');scriptsLoaded["jquerymousewheel"] = true;}<\/script> <link rel="stylesheet" href="\/ADF\/thirdParty\/jquery\/fancybox\/jquery.fancybox-2.1.5.css" type="text\/css" media="screen" \/>'+'<script type="text/javascript"><\/script>'); scriptsLoaded["fancybox"] = true; } </script> <link rel="canonical" href="https://web.archive.org/web/20170319012621/https://www.cert.org/insider-threat/"/><meta name="taxonomy" content="Insider Threat"> <meta name="docdate" content="2016-07-20">  <link rel="stylesheet" href="/web/20170319012621cs_/https://www.cert.org/templates/skins/cert-main/css/app.css"/> <style> @-ms-viewport { width: device-width; initial-scale: 1; zoom: 1; min-zoom: 1; max-zoom: 3; user-zoom: zoom; } @-moz-viewport{ width: device-width; } @viewport { width: device-width; initial-scale: 1; zoom: 1; min-zoom: 1; max-zoom: 3; user-zoom: zoom; } </style> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//web.archive.org/web/20170319012621/https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-145208-2', 'auto'); ga('create', 'UA-145208-5', 'auto', {'name': 'allProperties'}); // New tracker. ga('require', 'displayfeatures'); ga('allProperties.require', 'displayfeatures'); ga('send', 'pageview'); ga('allProperties.send', 'pageview'); </script>     <link rel="stylesheet" type="text/css" href="/web/20170319012621cs_/https://www.cert.org/commonspot/commonspot.css">  <meta name="viewport" content="width=device-width, initial-scale=1.0"/> </head><body lang="en" class="CS_Document"><a name="__topdoc__"></a>  <noscript> <iframe src="//web.archive.org/web/20170319012621if_/https://www.googletagmanager.com/ns.html?id=GTM-TTTPB7" height="0" width="0" style="display:none;visibility:hidden"></iframe> </noscript> <script> (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='//web.archive.org/web/20170319012621/https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-TTTPB7'); </script>     <div class="off-canvas-wrap" data-offcanvas> <div class="inner-wrap"> <div class="hide-for-large-up signature-wrapper"> <nav class="tab-bar"> <section class="left-small"> <a class="left-off-canvas-toggle menu-icon"><span></span></a> </section> <section class="middle tab-bar-section"> <a href="/web/20170319012621/https://www.cert.org/index.cfm"><img class="signature" alt="Software Engineering Institute | Carnegie Mellon University" src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/CERT-SEI-CMU.svg"></a> </section> </nav> </div> <aside class="left-off-canvas-menu"> <ul class="off-canvas-list"> <li class="left-off-canvas-toggle"><a href="#">Close</a></li> <li><a href="/web/20170319012621/https://www.cert.org/index.cfm">Home</a></li> <li class="has-submenu"><a href="#">Work Areas</a> <ul class="left-submenu"> <li class="back"><a href="#">Back</a></li> <li><a href="/web/20170319012621/https://www.cert.org/resilience/">Cyber Risk and Resilience Management</a></li> <li><a href="/web/20170319012621/https://www.cert.org/cybersecurity-engineering/">Cybersecurity Engineering</a></li> <li><a href="/web/20170319012621/https://www.cert.org/digital-intelligence/">Digital Intelligence and Investigation</a></li> <li><a href="/web/20170319012621/https://www.cert.org/incident-management/">Incident Management</a></li> <li><a href="/web/20170319012621/https://www.cert.org/insider-threat/">Insider Threat</a></li> <li><a href="/web/20170319012621/https://www.cert.org/netsa/">Network Situational Awareness</a></li> <li><a href="/web/20170319012621/https://www.cert.org/secure-coding/">Secure Coding</a></li> <li><a href="/web/20170319012621/https://www.cert.org/vulnerability-analysis/">Vulnerability Analysis</a></li> </ul> </li> <li> <a href="/web/20170319012621/https://www.cert.org/engage/">Engage with Us</a> </li> <li class="has-submenu"><a href="#">Training</a> <ul class="left-submenu"> <li class="back"><a href="#">Back</a></li> <li><a href="/web/20170319012621/https://www.cert.org/training/">CERT Training Courses</a></li> <li><a href="/web/20170319012621/https://www.cert.org/curricula/">Curricula</a></li> <li><a href="/web/20170319012621/https://www.cert.org/cyber-workforce-development/">Cyber Workforce Development</a></li> </ul> </li> <li class="has-submenu"><a href="#">About Us</a> <ul class="left-submenu"> <li class="back"><a href="#">Back</a></li> <li><a href="/web/20170319012621/https://www.cert.org/about/">Overview</a></li> <li><a href="/web/20170319012621/https://www.cert.org/about/leadership/">Leadership</a></li> </ul> </li> <li><a href="/web/20170319012621/https://www.cert.org/news/">News</a></li> <li><a href="/web/20170319012621/https://www.cert.org/careers/">Careers</a></li> <li class="has-submenu"><a href="#">Information for</a> <ul class="left-submenu"> <li class="back"><a href="#">Back</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/researchers/">Researchers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/developers/">Developers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/system-administrators/">System Administrators</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/managers/">Managers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/educators/">Educators</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/law-enforcement/">Law Enforcement</a></li> </ul> </li> </ul> </aside> <section class="main-section"> <a name="__topdoc__"></a>    <div class="superNav-wrapper show-for-large-up"> <div class="row"> <div class="column"> <ul class="superNavLinks left"> <li><a href="https://web.archive.org/web/20170319012621/https://www.cmu.edu/">CMU</a></li> <li><a href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/">SEI</a></li> <li><a class="current" href="https://web.archive.org/web/20170319012621/https://www.cert.org/">CERT Division</a></li> </ul> <ul class="superNavLinks right"> <li><a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/">Digital Library</a></li> <li><a href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/">SEI Insights</a></li> </ul> </div> </div> </div>       <div class="signature-wrapper show-for-large-up"> <div class="row"> <div class="large-9 medium-9 columns header-img-col"> <div class="signatureObject"> <a href="/web/20170319012621/https://www.cert.org/index.cfm"> <object height="100%" width="100%" data="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/CERT-SEI-CMU.svg" type="image/svg+xml"> <img src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/CERTwht.png" alt="CERT-SEI" class="signature"/> </object></a> </div> </div> <div class="large-3 medium-3 columns"> <form method="get" action="/web/20170319012621/https://www.cert.org/searchresults.cfm" id="gsaSearch" name="gsaSearch"> <div class="search-field"> <input id="q" type="text" value="What are you looking for?" onblur="this.value=!this.value?'Search':this.value;" onfocus="this.select()" onclick="this.value='';" name="q"></input> <input class="search-button" type="image" src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/searchIcon.jpg" alt="Execute Search" value=""/> </div> </form> </div> </div> </div>     <div class="certmenu_wrapper"> <div class="certmenu_dark_theme show-for-large-up row"> <div class="certmenu_container large-12 medium-12 columns"> <ul class="certmenu">  <li class="certmenu_button"><a href="#">SEI Menu</a></li> <li class="menuitem_fullwidth"><a href="#" class="menuitem_drop">Work Areas <i class="fa fa-caret-down"></i></a> <div class="row dropdown_fullwidth"> <div class="col_one_third">  <h2><strong>Welcome to CERT</strong></h2> <ul> <li><a href="/web/20170319012621/https://www.cert.org/resilience/">Cyber Risk and Resilience Management</a></li> <li><a href="/web/20170319012621/https://www.cert.org/cybersecurity-engineering/">Cybersecurity Engineering</a></li> <li><a href="/web/20170319012621/https://www.cert.org/digital-intelligence/">Digital Intelligence and Investigation</a></li> <li><a href="/web/20170319012621/https://www.cert.org/incident-management/">Incident Management</a></li> <li><a href="/web/20170319012621/https://www.cert.org/insider-threat/">Insider Threat</a></li> <li><a href="/web/20170319012621/https://www.cert.org/netsa/">Network Situational Awareness</a></li> <li><a href="/web/20170319012621/https://www.cert.org/secure-coding/">Secure Coding</a></li> <li><a href="/web/20170319012621/https://www.cert.org/vulnerability-analysis/">Vulnerability Analysis</a></li> </ul>  </div> <div class="col_one_third whiteBG"> <h2><strong>New Publications</strong></h2> <ul class="glb-nav-publications">  <li class=""> <a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=493609" target="_blank">Software Solutions Symposium 2017 - Informational Brochure</a> </li> <li class=""> <a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=485916" target="_blank">Supply Chain and Commercial-off-the-Shelf (COTS) Assurance</a> </li> <li class=""> <a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484882" target="_blank">SQUARE Frequently Asked Questions (FAQ)</a> </li> <li class=""> <a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484863" target="_blank">Using Malware Analysis to Identify Overlooked Security Requirements (MORE)</a> </li> <li class=""> <a href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484738" target="_blank">Common Sense Guide to Mitigating Insider Threats, 5th Edition</a> </li>  </ul> </div> <div class="col_one_third">  <h2><strong><a href="/web/20170319012621/https://www.cert.org/about/">About CERT</a></strong></h2> <img src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/National_Security.jpg" alt="CERT-SEI" height="150" width="150"> <p style="padding: 10px 38px 0 0;">Our mission at the CERT Division is to anticipate and solve the nation's cybersecurity challenges.</p> <p><a href="/web/20170319012621/https://www.cert.org/about/">Learn more <i class="icon-angle-right"></i></a></p>  </div> </div>  </li>  <li class="menuitem_nodrop"><a href="/web/20170319012621/https://www.cert.org/engage/">Engage with Us</a></li> <li><a href="#" class="menuitem_drop">Training <i class="fa fa-caret-down"></i></a> <div class="dropdown_1column dropdown_flyout">  <ul class="levels"> <li><a href="/web/20170319012621/https://www.cert.org/training/">CERT Training Courses</a></li> <li><a href="/web/20170319012621/https://www.cert.org/curricula/">Curricula</a></li> <li><a href="/web/20170319012621/https://www.cert.org/cyber-workforce-development/">Cyber Workforce Development</a></li> </ul>  </div> </li>  <li><a href="#" class="menuitem_drop">About Us <i class="fa fa-caret-down"></i></a> <div class="dropdown_1column dropdown_flyout">  <ul class="levels"> <li><a href="/web/20170319012621/https://www.cert.org/about/">Overview</a></li> <li><a href="/web/20170319012621/https://www.cert.org/about/leadership/">Leadership</a></li> </ul>  </div> </li> <li class="menuitem_nodrop"><a href="/web/20170319012621/https://www.cert.org/news/">News</a></li> <li class="menuitem_nodrop"><a href="/web/20170319012621/https://www.cert.org/careers/">Careers</a></li> <li class="menuitem_right information-for"><a href="#" class="menuitem_drop">Information for <i class="icon-caret-down right"></i></a> <div class="dropdown_2columns dropdown_right">  <ul> <li><a href="/web/20170319012621/https://www.cert.org/information-for/researchers/">Researchers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/developers/">Developers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/system-administrators/">System Administrators</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/managers/">Managers</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/educators/">Educators</a></li> <li><a href="/web/20170319012621/https://www.cert.org/information-for/law-enforcement/">Law Enforcement</a></li> </ul>  </div> </li> </ul> </div> </div> </div>    <style> .jsnoshow{ display:none; } </style> <div class="row hide-for-small"> <div class="breadcrumb-wrapper"> <div class="large-9 medium-9 columns"> <div id="cs_control_1453" class="cs_control CS_Element_LinkBar"> <ul id="breadCrumbLinks"> <li><a href="/web/20170319012621/https://www.cert.org/">Home</a></li> <i class="icon-angle-right"></i> <li>Insider Threat</li> </ul> </div> </div> <div class="large-3 medium-3 columns" id="utilityMenuContainer"> <ul class="utilityMenu"> <li id="share"> <a href="/web/20170319012621/https://www.cert.org/cert_share_page.cfm?sharePageURL=/insider-threat/index.cfm&sharePageTitle=Insider%20Threat" class="iframe share" title="Share this Page"><i class="icon-share"></i> Share</a> </li> <li id="print"> <a href="javascript:window.print()" class="print"><i class="icon-print"></i> Print</a> </li> <span class="stretcher"></span> </ul> </div> </div> </div> <div class="clear"></div>    <div class="row hide-for-large-up"> <div class="large-12 columns"> <form method="get" action="/web/20170319012621/https://www.cert.org/searchresults.cfm"> <div class="search-field"> <input id="q" type="text" value="What are you looking for?" onblur="this.value=!this.value?'Search':this.value;" onfocus="this.select()" onclick="this.value='';" name="q"></input> <input class="search-button" type="image" src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/searchIcon.jpg" alt="Execute Search" value=""></input> </div> </form> </div> </div>    <div class="row"> <div class="large-2 medium-2 columns"> <div class="hide-for-small-only"> <ul class="localNav" id="collapsing-nav"><li class="navTree1" id="node1"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/index.cfm">Overview</a></span></li><li class="navTree1" id="node2"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/index.cfm">Research</a></span> <ul class="localNavNested"><li class="navTree2" id="node21"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/database.cfm">Database</a></span></li><li class="navTree2" id="node22"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/controls-and-indicators.cfm">Controls and Indicators</a></span></li><li class="navTree2" id="node23"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/Case-Analysis-and-Best-Practices.cfm">Case Analysis</a></span></li><li class="navTree2" id="node24"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/Modeling-and-Simulation.cfm">Modeling and Simulation</a></span></li><li class="navTree2" id="node25"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/cybersecurity-watch-survey.cfm">Cybersecurity Watch Survey</a></span></li></ul> </li><li class="navTree1" id="node3"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/publications/index.cfm">Publications</a></span></li><li class="navTree1" id="node4"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/tools/index.cfm">Tools</a></span></li><li class="navTree1" id="node5"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/products-services/index.cfm">Products & Services</a></span></li><li class="navTree1" id="node6"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/best-practices/index.cfm">Best Practices</a></span></li></ul> </div> <div id="cs_control_1389" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_SideColumnContainer"> </div> </div> </div> <div class="large-10 medium-10 columns"> <div class="row collapse"> <div class="large-12 medium-12 mainContent"> <div class="large-12 medium-12"> <div id="cs_control_158074" class="cs_control CS_Element_Custom"> <div class="row owllanding"> <div class="large-12 medium-12"> <div id="owl-hero" class="owl-carousel owl-theme"> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/CERT_Homepage_4_13_16.jpg" alt="The CERT Guide to Insider Threats Named to Cybersecurity Canon"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>The CERT Guide to Insider Threats Named to Cybersecurity Canon</h2> <p>The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes will be inducted into the Cybersecurity Canon in 2016.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.sei.cmu.edu/news/article.cfm?assetID=453778&article=097&year=2016" id="callToAction">Read More <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/CERT-Insider_threat-Vulnerability-Certificate3.jpg" alt="The Insider Threat Vulnerability Assessor (ITVA) Certificate"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>The Insider Threat Vulnerability Assessor (ITVA) Certificate</h2> <p>The ITVA certificate program enables assessors to help organizations gain a better understanding of their insider threat risk and an enhanced ability to identify and manage associated risks.</p> <p><a href="https://web.archive.org/web/20170319012621/http://cert.org/insiderthreat/insider-threat-vulnerability-assessor-itva-certificate.cfm" id="callToAction">Register for this program <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/InsiderThreatTrainingCertificates2.jpg" alt="Insider Threat Certificates and Training"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Insider Threat Certificates and Training</h2> <p>Our Insider Threat training and certificate programs are available for program managers, vulnerability assessors, and program evaluators.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insiderthreat/" id="callToAction">Explore these training opportunities <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/Insider_Threat_7_31.jpg" alt="Insider Threat Program Manager Certificate"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Insider Threat Program Manager Certificate</h2> <p>Registration is now open for the CERT Insider Threat Program Manager (ITPM) Certificate training and exam.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insiderthreat/insider-threat-program-manager-itpm-certificate.cfm" id="callToAction">Sign up for the ITPM certificate program <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/insider-threat-landing-page-common-sense-guide.jpg" alt="Common Sense Guide to Mitigating Insider Threats"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Common Sense Guide to Mitigating Insider Threats</h2> <p>The 5th edition provides the most current recommendations of the CERT Division, based on research and analysis of an expanded database of more than 700 insider threat cases.</p> <p><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484738" id="callToAction">Download the guide <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/Insider_Threat_3_1.jpg" alt="The CERT Guide to Insider Threats"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>The CERT Guide to Insider Threats</h2> <p>Our book, the CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, is available at book stores and online.</p> <p><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=30310" id="callToAction">Learn more about the book <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/Insider_Threat_2_1.jpg" alt="Custom Onsite Workshops"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Custom Onsite Workshops</h2> <p>Learn how to develop an effective, comprehensive strategy that helps you to monitor for insider activity.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/products-services/workshops.cfm" id="callToAction">Learn about custom onsite workshops <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/Work_Area_Publications.jpg" alt="SEI Book Series in Software Engineering"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>SEI Book Series in Software Engineering</h2> <p>Our SEI researchers write books covering software engineering topics for this series of books published by Addison-Wesley Professional.</p> <p><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=465870" id="callToAction">Browse recent books in the collection <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/Insider_Threat_5_1.jpg" alt="Insider Threat Database"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Insider Threat Database</h2> <p> Our work is based on analyses of information in the CERT insider threat database, which documents more than 700 insider threat cases.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/database.cfm" id="callToAction">Learn more about the insider threat database <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/generic-engage-02.jpg" alt="Engage with Us"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>Engage with Us</h2> <p>Insider threats involve real people, so our research and solutions depend on engagements with the real world. Work with us to combat insider threats.</p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/engage-with-us.cfm" id="callToAction">Explore how you can work with us <i class="icon-angle-right"></i></a></p> </div> </div> <div class="item"> <img class="lazyOwl" data-src="/rotatorimages/images/CERT_Careers.jpg" alt="CERT Is Hiring"> <div class="description" style="display:inherit"> <h1>Insider Threat</h1> <h2>CERT Is Hiring</h2> <p>Your top-notch skills and knowledge can help us make a difference in our nation’s cybersecurity. Explore our career opportunities today. </p> <p><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/careers/" id="callToAction">Learn more <i class="icon-angle-right"></i></a></p> </div> </div> </div> </div> </div> </div> </div> <div clear="clear"></div> <div class="show-for-small-only small-12 columns"> <ul class="localNav" id="collapsing-nav"><li class="navTree1" id="node1"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/index.cfm">Overview</a></span></li><li class="navTree1" id="node2"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/index.cfm">Research</a></span> <ul class="localNavNested"><li class="navTree2" id="node21"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/database.cfm">Database</a></span></li><li class="navTree2" id="node22"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/controls-and-indicators.cfm">Controls and Indicators</a></span></li><li class="navTree2" id="node23"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/Case-Analysis-and-Best-Practices.cfm">Case Analysis</a></span></li><li class="navTree2" id="node24"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/Modeling-and-Simulation.cfm">Modeling and Simulation</a></span></li><li class="navTree2" id="node25"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/research/cybersecurity-watch-survey.cfm">Cybersecurity Watch Survey</a></span></li></ul> </li><li class="navTree1" id="node3"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/publications/index.cfm">Publications</a></span></li><li class="navTree1" id="node4"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/tools/index.cfm">Tools</a></span></li><li class="navTree1" id="node5"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/products-services/index.cfm">Products & Services</a></span></li><li class="navTree1" id="node6"><span><a href="/web/20170319012621/https://www.cert.org/insider-threat/best-practices/index.cfm">Best Practices</a></span></li></ul> </div> <div id="cs_control_1387" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_MainContentContainer"> <div id="gridRow_1_1_1387" class="cs_GridRow"> <div id="gridCol_1_1_1_1_1387" class="cs_GridColumn"> <div id="cs_control_5192" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_5192">    <div class="row mainContentColumns"> <div class="large-12 columns mainContentColumn"> <div id="cs_control_1816" class="cs_control CS_Element_Textblock"> <div class="mc-work-area"> <p>Did you know that cyberattacks from employees and other insiders is a common problem that you should be planning for and preventing? Insiders pose a substantial threat to your organization because they have the knowledge and access to proprietary systems that allow them to bypass security measures through legitimate means. The nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for preventing and addressing them. </p><p>At the <a id="CP___PAGEID=179606,cert-insider-threat-center.cfm,43|" href="/web/20170319012621/https://www.cert.org/insider-threat/cert-insider-threat-center.cfm">CERT Insider Threat Center</a> at Carnegie Mellon’s Software Engineering Institute (SEI), we are devoted to combatting cybersecurity issues. Our research has uncovered information that can help you identify potential and realized insider threats in your organization, institute ways to prevent them, and establish processes to deal with them if they do happen.</p><p><cspasteout id="csPasteouter"><strong>Our Mission</strong>: We enable effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats.</cspasteout><br> </p> </div> </div> <div id="cs_control_12950" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_12950"> </div> </div> </div> </div> <div class="clear"></div>    </div> </div> </div> </div> </div> </div> </div> </div> </div> </div>    <div class="tab-wrapper work-area-bottom-tabs">    <div id="cs_control_1496" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_TabBottomContainer"> <div id="gridRow_1_1_1496" class="cs_GridRow"> <div id="gridCol_1_1_1_1_1496" class="cs_GridColumn"> <div id="cs_control_5193" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_5193">    <div id="tabset" class="row"> <div class="large-2 medium-2 columns"></div> <div class="large-10 medium-10 columns"> <ul class="tabs tab-push"> <li class="active"> <a href="#simple1"> Key Capabilities </a> </li> <li> <a href="#simple2"> What's New </a> </li> <li> <a href="#simple4"> Featured Work </a> </li> </ul> <div class="active row" id="simple1"> <div id="cs_control_1489" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_1489"> <div id="gridRow_1_1_1489" class="cs_GridRow"> <div id="gridCol_1_1_1_1_1489" class="cs_GridColumn"> <div id="cs_control_5194" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_5194">    <div class="row"> <div class="large-8 columns"> <div id="cs_control_2015" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2015"> <div id="gridRow_1_1_2015" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2015" class="cs_GridColumn"> <div id="cs_control_5209" class="cs_control CS_Element_Textblock"> </div> <div id="cs_control_158089" class="cs_control CS_Element_Custom"> <div class="r-capabilities"> <div class="r-capabilities-entry"> <div class="r-capabilities-image"> <a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/controls-and-indicators.cfm"> <img src="/web/20170319012621im_/https://www.cert.org/rotatorimages/images/Insider_Threat_KC_1.png" alt="We create technical controls and indicators. "/> </a> </div> <div class="r-capabilities-text"> <h3><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/controls-and-indicators.cfm">We create technical controls and indicators. </a></h3> Using our wealth of socio-technical information on insider crimes, our CERT insider threat lab creates controls and indicators for preventing, detecting, and responding to insider incidents. </div> </div> <div class="r-capabilities-entry"> <div class="r-capabilities-image"> <a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/Case-Analysis-and-Best-Practices.cfm"> <img src="/web/20170319012621im_/https://www.cert.org/rotatorimages/images/Insider_Threat_KC_2.png" alt="We conduct case analyses and develop best practices. "/> </a> </div> <div class="r-capabilities-text"> <h3><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/Case-Analysis-and-Best-Practices.cfm">We conduct case analyses and develop best practices. </a></h3> In 2002, we collected approximately 150 insider threat cases in the U.S. critical infrastructure sectors and examined them from technical and behavioral perspectives. The scope and body of our case analyses continue today, which allows us to publish best practices for the mitigation of insider threats. </div> </div> <div class="r-capabilities-entry"> <div class="r-capabilities-image"> <a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/Modeling-and-Simulation.cfm"> <img src="/web/20170319012621im_/https://www.cert.org/rotatorimages/images/Insider_Threat_KC_3.png" alt="We model and simulate insider threat. "/> </a> </div> <div class="r-capabilities-text"> <h3><a href="https://web.archive.org/web/20170319012621/http://www.cert.org/insider-threat/research/Modeling-and-Simulation.cfm">We model and simulate insider threat. </a></h3> Our MERIT project combines empirical data and system dynamics modeling and simulation to illustrate the big picture and complexity of the insider threat problem. We also collaborate with the U.S. Department of Defense on espionage research. </div> </div> </div> </div> </div> </div> </div> </div> </div> <div class="large-4 columns"> <div id="cs_control_2018" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2018"> <div id="gridRow_1_1_2018" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2018" class="cs_GridColumn"> <div id="cs_control_5210" class="cs_control CS_Element_Textblock"> <div class="sb-engage"> <h3>Combat Insider Threats</h3> <p>Insider threats involve real people, so our research and solutions depend on engagements with the real world. Work with us to combat insider threats.</p> <p><a id="CP___PAGEID=12938,engage-with-us.cfm,43|" class="button" href="/web/20170319012621/https://www.cert.org/insider-threat/engage-with-us.cfm">Engage with Us</a></p> </div> </div> <div id="cs_control_5213" class="cs_control CS_Element_Textblock"> </div> </div> </div> </div> </div> </div> </div> <div class="clear"></div>    </div> </div> </div> </div> </div> </div> </div> <div class="row" id="simple2"> <div id="cs_control_1490" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_1490"> <div id="gridRow_1_1_1490" class="cs_GridRow"> <div id="gridCol_1_1_1_1_1490" class="cs_GridColumn"> <div id="cs_control_24845" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_24845">    <div class="row"> <div class="large-8 columns"> <div id="cs_control_2138" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2138"> <div id="gridRow_1_1_2138" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2138" class="cs_GridColumn"> <div id="cs_control_5230" class="cs_control CS_Element_Custom"> <div class="dam-listing-wrapper"> <h3 class="dam-heading">News & Announcements</h3> <ul class="dam-asset"> <li class="assetPadding"> <span class="assetDateType">02/16/2017</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=494017" target="_blank">Trzeciak discusses new edition of Common Sense Guide to Mitigating Insider Threats</a></span> <span class="assetDescription">Interview with GovInfo Security</span> </li> <li class="assetPadding"> <span class="assetDateType">02/08/2017</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=493750" target="_blank">CERT Releases Updated Insider Threat Guidebook</a></span> <span class="assetDescription">The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University today announced the release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which is available for download on the SEI website.</span> </li> </ul> </div> </div> <div id="cs_control_5242" class="cs_control CS_Element_Custom"> <div class="dam-listing-wrapper"> <h3 class="dam-heading">Publications & Media</h3> <ul class="dam-asset"> <li class="assetPadding"> <span class="assetDateType">12/21/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484738" target="_blank">Common Sense Guide to Mitigating Insider Threats, 5th Edition</a></span> <span class="assetDescription">Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases.</span> </li> <li class="assetPadding"> <span class="assetDateType">12/15/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484917" target="_blank">The Critical Role of Positive Incentives for Reducing Insider Threats</a></span> <span class="assetDescription">This report describes how positive incentives complement traditional practices to provide a better balance for organizations’ insider threat programs. </span> </li> <li class="assetPadding"> <span class="assetDateType">12/12/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484615" target="_blank">Low Cost Technical Solutions to Jump Start an Insider Threat Program</a></span> <span class="assetDescription">This technical note explores free and low cost technical solutions to help organizations prevent, detect, and respond to malicious insiders.</span> </li> <li class="assetPadding"> <span class="assetDateType">12/06/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=484385" target="_blank">SEI Education and Training Catalog</a></span> <span class="assetDescription">This catalog describes SEI training and certificates that help you tackle today's software, systems, and cybersecurity challenges. </span> </li> <li class="assetPadding"> <span class="assetDateType">07/15/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=465647" target="_blank">How to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate</a></span> <span class="assetDescription">In this webinar, Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, described the summary of new requirements mandated by NISPOM Change 2 and the impact it will have on DoD contracting organizations.</span> </li> </ul> </div> </div> </div> </div> </div> </div> </div> <div class="large-4 columns"> <div id="cs_control_2139" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2139"> <div id="gridRow_1_1_2139" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2139" class="cs_GridColumn"> <div id="cs_control_24284" class="cs_control CS_Element_Custom"> <div class="dam-listing-wrapper blog-wrapper"> <h3 class="dam-heading">Most Recent Blog Posts</h3> <ul class="dam-asset"> <li> <span class="assetDateType">03/07/2017</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/insider-threat/2017/03/cert-definition-of-insider-threat---updated.html" target="_self">CERT Definition of 'Insider Threat' - Updated</a></span> </li> <li> <span class="assetDateType">12/16/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/insider-threat/2016/12/defending-against-phishing.html" target="_self">Defending Against Phishing</a></span> </li> <li> <span class="assetDateType">12/14/2016</span> <span class="assetTitle"><a href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/insider-threat/2016/12/sentiment-analysis-in-the-context-of-insider-threat.html" target="_self">Sentiment Analysis in the Context of Insider Threat</a></span> </li> </ul> <p> <a href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/">Read more blog posts <i class="icon-angle-right"></i></a> </p> </div> </div> <div id="cs_control_24289" class="cs_control CS_Element_Custom"> <img src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/images/CERT_Podcast_Series_Header.jpg"/> <div class="dam-listing-wrapper podcast-wrapper"> <h3 class="dam-heading"> Most Recent Podcast </h3> <ul class="dam-asset-bullets square"> <li class=""> <span class="assetTitle"> <a href="/web/20170319012621/https://www.cert.org/podcasts/podcast_episode.cfm?episodeid=C88A940E-E281-B6FB-0D960A12B0164B5C&pageid=48501" target="_blank"> Mitigating Insider Threat - New and Improved Practices Fourth Edition </a> </span> </li> </ul> <p> <a href="/web/20170319012621/https://www.cert.org/podcasts/" class="hiddenRecordToggle"> Listen to more podcasts <i class="icon-angle-right"></i> </a> </p> </div> </div> </div> </div> </div> </div> </div> </div> <div class="clear"></div>    </div> </div> </div> </div> </div> </div> </div> <div class="row" id="simple4"> <div id="cs_control_1549" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_1549"> <div id="gridRow_1_1_1549" class="cs_GridRow"> <div id="gridCol_1_1_1_1_1549" class="cs_GridColumn"> <div id="cs_control_5197" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_5197">    <div class="row"> <div class="large-8 columns"> <div id="cs_control_2147" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2147"> <div id="gridRow_1_1_2147" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2147" class="cs_GridColumn"> <div id="cs_control_16878" class="cs_control CS_Element_Textblock"> <div class="CS_Textblock_Text" style="text-align:left"><h2>Certificates and Training Programs</h2> <p><a class="CP___PAGEID_28575" href="https://web.archive.org/web/20170319012621/http://www.cert.org/insiderthreat/">Insider Threat Training and Certificates</a> <br>Our Insider Threat training and certificate programs are available for program managers, vulnerability assessors, and program evaluators.</p> <h2>Fraud</h2> <p> <a class="CP___PAGEID_2260" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34017">Common Sense Guide to Mitigating Insider Threats, 4th Edition</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this report, the authors define insider threats and outline current insider threat patterns and trends.</span> </span> </span> </p> <p> <a class="CP___PAGEID_2305" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=28204">Insider Fraud in Financial Services</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this brochure, the authors present the findings of a study that analyzed computer criminal activity in the financial services sector.</span> </span> </span> </p> <p> <a class="CP___PAGEID_2317" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=27971">Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Service Sector</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.</span> </span> </p> <p> <a class="CP___PAGEID_7453" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52138">Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this 2006 presentation, the authors describe the lessons they learned from analyzing real-life fraud, theft, and sabotage incidents.</span> </span> </span> </p> <p> <a class="CP___PAGEID_2414" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=30310"> <em>The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)</em> </a> <br> <span class="assetItem"> <span class="assetItem">In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.</span> </span> </p> <h2>Theft of Intellectual Property</h2> <p> <a class="CP___PAGEID_2402" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=10131">A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.</span> </span> </p> <p> <a class="CP___PAGEID_2479" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9855">A Preliminary Model of Insider Theft of Intellectual Property</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.</span> </span> </p> <p> <a class="CP___PAGEID_2551" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9807">An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.</span> </span> </p> <p> <a class="CP___PAGEID_2260" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34017">Common Sense Guide to Mitigating Insider Threats, 4th Edition</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this report, the authors define insider threats and outline current insider threat patterns and trends.</span> </span> </span> </p> <p> <a class="CP___PAGEID_7358" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=51656">Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model</a> <br> <span class="assetItem"> <span class="assetItem">In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.</span> </span> </p> <p> <a class="CP___PAGEID_4623" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=10779">Intellectual Property Protection For Software</a> <br> <span class="assetItem"> <span class="assetItem">In this curriculum module, the authors provide an overview of the U.S. intellectual property laws that govern software creation, allocation, and enforcement.</span> </span> </p> <p> <a class="CP___PAGEID_2238" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=41110">Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors justify applying the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders."</span> </span> </p> <p> <a class="CP___PAGEID_2174" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=48668">Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommends how to mitigate the risk of similar incidents.</span> </span> </p> <h2>Sabotage</h2> <p> <a class="CP___PAGEID_7442" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52076">A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage</a> <br> <span class="assetItem"> <span class="assetItem">In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.</span> </span> </p> <p> <a class="CP___PAGEID_6156" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52387">Chronological Examination of Insider Threat Sabotage: Preliminary Observations</a> <br> <span class="assetItem"> <span class="assetItem">In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack time-line.</span> </span> </p> <p> <a class="CP___PAGEID_7270" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52429">Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab</a> <br> <span class="assetItem"> <span class="assetItem">In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.</span> </span> </p> <p> <a class="CP___PAGEID_2260" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34017">Common Sense Guide to Mitigating Insider Threats, 4th Edition</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this report, the authors define insider threats and outline current insider threat patterns and trends.</span> </span> </span> </p> <p> <a class="CP___PAGEID_3311" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8163">Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.</span> </span> </p> <p> <a class="CP___PAGEID_7478" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=51934">Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.</span> </span> </p> <p> <a class="CP___PAGEID_7453" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52138">Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.</span> </span> </span> </p> <p> <a class="CP___PAGEID_3284" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8031">Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks</a> <br> <span class="assetItem"> <span class="assetItem">In this 2006 report, the authors describe MERIT insider threat model and simulation results.</span> </span> </p> <p> <a class="CP___PAGEID_7459" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52030">Preventing Insider Sabotage: Lessons Learned From Actual Attacks</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this 2005 presentation, Dawn Cappelli discusses preventing insider threat sabotage.</span> </span> </span> </p> <p> <a class="CP___PAGEID_7475" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=52223">Secret Service and CERT Release Report Analyzing Acts of Insider Sabotage via Computer Systems in Critical Infrastructure Sectors</a> <br> <span class="assetItem">This press release describes the second in a series of reports focusing on insider threats to information systems and data in critical infrastructure sectors.</span> </p> <p> <a class="CP___PAGEID_3017" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8703">The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.</span> </span> </p> <p> <a class="CP___PAGEID_2414" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=30310"> <em>The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)</em> </a> <br> <span class="assetItem"> <span class="assetItem">In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.</span> </span> </p> <h3>Espionage</h3> <p> <a class="CP___PAGEID_2260" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=34017">Common Sense Guide to Mitigating Insider Threats, 4th Edition</a> <br> <span class="assetItem"> <span class="assetitem"> <span>In this report, the authors define insider threats and outline current insider threat patterns and trends.</span> </span> </span> </p> <p> <a class="CP___PAGEID_3311" href="https://web.archive.org/web/20170319012621/http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8163">Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis</a> <br> <span class="assetItem"> <span class="assetItem">In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.</span> </span> </p></div> </div> </div> </div> </div> </div> </div> <div class="large-4 columns"> <div id="cs_control_2155" class="cs_control CS_Element_Schedule"> <div title="" id="CS_Element_7109_2155"> <div id="gridRow_1_1_2155" class="cs_GridRow"> <div id="gridCol_1_1_1_1_2155" class="cs_GridColumn"> <div id="cs_control_18304" class="cs_control CS_Element_Custom"> </div> <div id="cs_control_20018" class="cs_control CS_Element_CustomCF"> <div id="CS_CCF_7109_20018"> <div class="sb-engage"> <h3 class="dam-heading">Related Training</h3> <ul> <li><a href="https://web.archive.org/web/20170319012621/http://www.sei.cmu.edu/training/V27.cfm">Building an Insider Threat Program</a></li> <li><a href="https://web.archive.org/web/20170319012621/http://www.sei.cmu.edu/training/V29.cfm">Insider Threat Awareness Training</a></li> <li><a href="https://web.archive.org/web/20170319012621/http://www.sei.cmu.edu/training/P110.cfm">Insider Threat Program Manager: Implementation and Operation</a></li> <li><a href="https://web.archive.org/web/20170319012621/http://www.sei.cmu.edu/training/V28.cfm">Insider Threat Program Manager Certificate Examination</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> <div class="clear"></div>    </div> </div> </div> </div> </div> </div> </div> </div>  </div> <div class="clear"></div> <script> document.getElementById("tabs-hasJavascript").style.marginTop = '60px'; </script>    </div> </div> </div> </div> </div> </div>    </div>     <div class="footer-top"> <div class="row"> <div class="large-2 medium-2 columns hide-for-small-only"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">Work Areas</li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/resilience/">Cyber Risk and Resilience Management</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/cybersecurity-engineering/">Cybersecurity Engineering</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/digital-intelligence/">Digital Intelligence and Investigation</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/incident-management/">Incident Management</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/insider-threat/">Insider Threat</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/netsa/">Network Situational Awareness</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/secure-coding/">Secure Coding</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/vulnerability-analysis/">Vulnerability Analysis</a></li> </ul> </div> <div class="large-2 medium-2 columns hide-for-small-only"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">Workforce Development</li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/training/">CERT Training Courses</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/curricula/">Curricula</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/cyber-workforce-development/">Cyber Workforce Development</a></li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">Blogs</li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/cert/">CERT/CC Blog</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/insider-threat/">Insider Threat Blog</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://insights.sei.cmu.edu/">SEI Blog</a></li> </ul> </div> <div class="large-2 medium-2 columns hide-for-small-only"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">Information for</li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/researchers/">Researchers</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/developers/">Developers</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/system-administrators/">System Administrators</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/managers/">Managers</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/educators/">Educators</a></li> <li><a class="footer" href="/web/20170319012621/https://www.cert.org/information-for/law-enforcement/">Law Enforcement</a></li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">SEI Resources</li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://resources.sei.cmu.edu/"> Digital Library </a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/events/">Events</a></li> </ul> </div> <div class="large-2 medium-2 columns hide-for-small-only"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white "><a class="footer" href="/web/20170319012621/https://www.cert.org/engage/">Engage with Us</a> </li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white "><a class="footer" href="/web/20170319012621/https://www.cert.org/about/">About Us</a> </li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white "><a class="footer" href="/web/20170319012621/https://www.cert.org/news/">News</a> </li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white "><a class="footer" href="/web/20170319012621/https://www.cert.org/careers">Careers</a> </li> </ul> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white">Legal</li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/">Terms of Use</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/privacy/index.cfm">Privacy Statement</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/ip/index.cfm">Intellectual Property</a></li> </ul> </div> <div class="large-2 medium-2 columns end"> <div class="show-for-small-only"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white"> <a href="/web/20170319012621/https://www.cert.org/index.cfm?desktop=true" class="footer"><i class="fa fa-desktop"></i> Desktop View</a> </li> </ul> </div> <div id="social"> <ul class="no-bullet footer-nav-list"> <li class="footer-nav-title white ">Connect with Us</li> </ul> <ul class="inline-list"> <li id="rss"><a href="/web/20170319012621/https://www.cert.org/rss/index.cfm" title="RSS">RSS</a></li> <li id="twitter"><a href="https://web.archive.org/web/20170319012621/https://twitter.com/CERT_Division" title="Twitter">Twitter</a></li> <li id="linkedin"><a href="https://web.archive.org/web/20170319012621/https://www.linkedin.com/company/cert" title="Linked In">Linked In</a></li> </ul> <ul class="no-bullet footer-nav-list"> <li>4500 Fifth Avenue</li> <li>Pittsburgh, PA 15213-2612</li> <li>U.S.A.</li> <li>412-268-5800</li> </ul> <ul class="no-bullet footer-nav-list show-for-small-only"> <li class="footer-nav-title white">Legal</li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/">Terms of Use</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/privacy/index.cfm">Privacy Statement</a></li> <li><a class="footer" href="https://web.archive.org/web/20170319012621/https://www.sei.cmu.edu/legal/ip/index.cfm">Intellectual Property</a></li> </ul> <a href="/web/20170319012621/https://www.cert.org/contact/?refPage=7109" class="btn-footer-contact">Contact Us</a> </div> </div> </div> </div>  <div class="footer-bottom"> <div class="row"> <div class="large-8 medium-8 columns"><a href="https://web.archive.org/web/20170319012621/https://www.cmu.edu/"><img src="/web/20170319012621im_/https://www.cert.org/templates/skins/cert-main/img/CMU_logo__white.png" alt="Carnegie Mellon University" class="footer-cmu"></a></div> <div class="large-4 medium-4 columns"> <p class="copyright"><a href="https://web.archive.org/web/20170319012621/https://www.cmu.edu/" class="footer white">©2017 Carnegie Mellon University</a></p> </div> </div> </div> <script type="text/javascript"> setTimeout(function(){ var a=document.createElement("script"); var b=document.getElementsByTagName("script")[0]; a.src=document.location.protocol+"//web.archive.org/web/20170319012621/https://script.crazyegg.com/pages/scripts/0025/8650.js?"+Math.floor(new Date().getTime()/3600000); a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1); </script>     <script src="/web/20170319012621js_/https://www.cert.org/templates/skins/cert-main/js/min/app.min.js"></script> <script language="javascript"> fSetURL('/insider-threat/index.cfm'); // jQuery(document).ready(function() { jQuery("#owl-hero").owlCarousel({ navigation : true, // Show next and prev buttons slideSpeed : 800, paginationSpeed : 400, singleItem:true, autoPlay:10000, lazyLoad:true, responsiveRefreshRate:50, rewindNav:true, rewindSpeed:1 }); jQuery('.hiddenRecords').hide(); jQuery('.hiddenRecordToggle').click(function(vShow,vHide){ if (typeof vShow == 'object' | typeof vShow == 'undefined'){ vShow = 'More <i class="icon-angle-right"></i>'; } // if (typeof vHide == 'object' | typeof vHide == 'undefined'){ vHide = 'Less <i class="icon-angle-right"></i>'; } //alert(vHide); try{ if (jQuery(this).parent().find('.dam-heading').html().toLowerCase().indexOf("news") > 0){ vShow = 'Read more news & announcements <i class="icon-angle-right"></i>'; } } catch (err){} if (jQuery(this).closest('div').find('.hiddenRecords').is(":visible")){ jQuery(this).closest('div').find('.hiddenRecords').hide('fast'); jQuery(this).html(vShow); }else{ jQuery(this).closest('div').find('.hiddenRecords').show('fast'); jQuery(this).html(vHide); } }) // jQuery("a.share").fancybox({ 'transitionIn' : 'elastic', 'transitionOut' : 'elastic', 'fitToView': false, 'nextSpeed': 0, //important 'prevSpeed': 0, //important 'width' : 244, 'height' : 57, 'speedIn' : 500, 'speedOut' : 100, 'type' : 'iframe', 'showCloseButton' :true, 'padding' : 20, 'margin' : 10, 'overlayOpacity':'0.8', 'titlePosition' : 'inside', 'titleShow': false, 'centerOnScroll' : true, 'hideOnContentClick' : true }); jQuery("a.email").fancybox({ 'transitionIn' : 'elastic', 'transitionOut' : 'elastic', 'fitToView': false, 'nextSpeed': 0, //important 'prevSpeed': 0, //important 'width' : 500, 'height' : 480, 'speedIn' : 500, 'speedOut' : 100, 'type' : 'iframe', 'showCloseButton' :true, 'padding' : 20, 'margin' : 10, 'overlayOpacity':'0.8', 'titlePosition' : 'inside', 'titleShow': false, 'scrolling' : false, 'centerOnScroll' : true }); jQuery('#utilityMenuContainer').removeClass('jsnoshow'); }); jQuery(function() { jQuery("#tabset").tabs(); }); </script> </section> </div> </div>  <script type="text/javascript" src="/web/20170319012621js_/https://www.cert.org/commonspot/javascript/lightbox/overrides.js"></script><script type="text/javascript" src="/web/20170319012621js_/https://www.cert.org/commonspot/javascript/lightbox/window_ref.js"></script><script type="text/javascript" src="/web/20170319012621js_/https://www.cert.org/commonspot/pagemode/always-include-common.js"></script><script type="text/javascript" src="/web/20170319012621js_/https://www.cert.org/commonspot/pagemode/always-include-ns.js"></script>        <script type="text/javascript">  </script> <script type="text/javascript">  </script> </body></html>