Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks

  • Abstract

    The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University's Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences that increase risk of insider attack. The problem is exacerbated by a lack of tools for understanding insider threat, analyzing risk mitigation alternatives, and communicating results. To develop such tools is the goal of Carnegie Mellon University's Management and Education of the Risk of Insider Threat (MERIT) project. MERIT uses system dynamics to model and analyze insider threats and produce interactive learning environments. These tools can be used by policy makers, security officers, information technology and human resource personnel, and management. The tools help these users to understand the problem and assess risk from insiders based on simulations of policies, and on cultural, technical, and procedural factors. This technical note describes the MERIT insider threat model and simulation results.

  • Download

Cite This Report

SEI

Cappelli, Dawn; Desai, Akash; Moore, Andrew; Shimeall, Timothy; Weaver, Elise; & Willke, Bradford. Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks. CMU/SEI-2006-TN-041. Software Engineering Institute, Carnegie Mellon University. 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031

IEEE

Cappelli. Dawn, Desai. Akash, Moore. Andrew, Shimeall. Timothy, Weaver. Elise, and Willke. Bradford, "Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2006-TN-041, 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031

APA

Cappelli, Dawn., Desai, Akash., Moore, Andrew., Shimeall, Timothy., Weaver, Elise., & Willke, Bradford. (2007). Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks (CMU/SEI-2006-TN-041). Retrieved May 24, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031

CHI

Dawn Cappelli, Akash Desai, Andrew Moore, Timothy Shimeall, Elise Weaver, & Bradford Willke. Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks (CMU/SEI-2006-TN-041). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031

MLA

Cappelli, Dawn., Desai, Akash., Moore, Andrew., Shimeall, Timothy., Weaver, Elise., & Willke, Bradford. 2007. Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks (Technical Report CMU/SEI-2006-TN-041). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031

BibTex

@techreport{CappelliManagementand2007,
title={Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks},
author={Dawn Cappelli and Akash Desai and Andrew Moore and Timothy Shimeall and Elise Weaver and Bradford Willke},
year={2007},
number={CMU/SEI-2006-TN-041},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8031} }