Software Engineering Institute | Carnegie Mellon University

Digital Library

Andrew P. Moore
December 2014 - Technical Note Pattern-Based Design of Insider Threat Programs

Topics: Insider Threat

Authors: Andrew P. Moore, Matthew L. Collins, Dave Mundie, Robin Ruefle, David McIntire

In this report, the authors describe a pattern-based approach to designing insider threat programs that could provide a better defense against insider threats.

May 2014 - Technical Report Data-Driven Software Assurance: A Research Study

Topics: Software Assurance, Performance and Dependability, Process Improvement, Measurement and Analysis

Authors: Michael D. Konrad, Art Manion, Andrew P. Moore, Julia L. Mullaney, William Nichols, Michael F. Orlando, Erin Harper

In 2012, Software Engineering Institute (SEI) researchers began investigating vulnerabilities reported to the SEI’s CERT® Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.

March 2014 - Presentation Modeling Sustainment Dynamics

Topics: Measurement and Analysis

Authors: Sarah Sheard, Andrew P. Moore, Robert Ferguson

This presentation overviews a systems dynamics simulation model that describes influences of multiple variables on the sustainment phase of a system.

December 2013 - White Paper Spotlight On: Programmers as Malicious Insiders–Updated and Revised

Topics: Insider Threat

Authors: Matthew L. Collins, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, Andrew P. Moore

In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and include case examples.

November 2013 - Webinar Panel Discussion: Managing the Insider Threat: What Every Organization Should Know

Topics: Insider Threat

Authors: Robert Floodeen, William R. Claycomb, Andrew P. Moore, Kurt C. Wallnau, Randall F. Trzeciak, Alex Nicoll

In this webinar, a watch panel discusses Managing the Insider Threat: What Every Organization Should Know.

November 2013 - Webinar Emerging Trends

Topics: Insider Threat

Authors: William R. Claycomb, Andrew P. Moore

In this November 2013 webinar, Bill Claycomb and Andrew Moore discuss how technology in emerging trends enables new types of insider attacks.

October 2013 - Conference Paper Four Insider IT Sabotage Mitigation Patterns and an Initial Effectiveness Analysis

Topics: Insider Threat

Authors: Lori Flynn, Jason W. Clark, Andrew P. Moore, Matthew L. Collins, Eleni Tsamitis, Dave Mundie, David McIntire

In this paper, the authors describe four patterns of insider IT sabotage mitigation and initial results from 46 relevant cases for pattern effectiveness.

July 2013 - Presentation Modeling the Evolution of a Science Project in Software-Reliant System Acquisition Programs

Topics: Acquisition Support

Authors: Andrew P. Moore, William E. Novak

This presentation was delivered at the International Conference of the System Dynamics Society in July 2013.

May 2013 - Technical Note Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2013)

Topics: Insider Threat

Authors: Matthew L. Collins, Derrick Spooner, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak

In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommend how to mitigate the risk of similar incidents.

April 2013 - Presentation Understanding the Drivers Behind Software Acquisition Program Performance

Topics: Acquisition Support

Authors: Andrew P. Moore, William E. Novak

This presentation was delivered at the April 2013 STC.

April 2013 - Podcast The Evolution of a Science Project

Topics: Acquisition Support

Authors: Andrew P. Moore, William Novak

In this podcast, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which intends to improve acquisition staff decision-making.

March 2013 - Technical Note Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders

Topics: Insider Threat

Authors: Andrew P. Moore, David McIntire, Dave Mundie, David Zubrow

In this report, the authors justify applying the pattern “Increased Review for Intellectual Property (IP) Theft by Departing Insiders.”

December 2012 - Technical Note Analyzing Cases of Resilience Success and Failure - A Research Study

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Pamela D. Curtis, Andrew P. Moore, Nader Mehravari, Kevin G. Partridge, Robert W. Stoddard, Randall F. Trzeciak

In this report, the authors describe research aimed at helping organizations to know the business value of implementing resilience processes and practices.

December 2012 - Technical Report Common Sense Guide to Mitigating Insider Threats, 4th Edition

Topics: Insider Threat

Authors: George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall, Lori Flynn

In this report, the authors define insider threats and outline current insider threat patterns and trends.

October 2012 - Presentation Evolution of a Science Project

Topics: Acquisition Support

Authors: Julie B. Cohen, Andrew P. Moore, William E. Novak

This presentation was delivered at the NDIA Systems Engineering Conference in October 2012.

October 2012 - White Paper Spotlight On: Insider Threat from Trusted Business Partners Version 2: Updated and Revised

Topics: Insider Threat

Authors: Todd Lewellen, Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner, Robert Weiland (Carnegie Mellon University)

In this article, the authors focus on cases in which the malicious insider was employed by a trusted business partner of the victim organization.

July 2012 - Special Report Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector

Topics: Insider Threat

Authors: Adam Cummings, Todd Lewellen, David McIntire, Andrew P. Moore, Randall F. Trzeciak

In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.

July 2012 - Technical Report The Evolution of a Science Project: A Preliminary System Dynamics Model of a Recurring Software-Reliant Acquisition Behavior

Topics: Acquisition Support

Authors: William E. Novak, Andrew P. Moore, Christopher J. Alberts

This report uses a preliminary system dynamics model to analyze a specific adverse acquisition dynamic concerning the poorly controlled evolution of small prototype efforts into full-scale systems.

April 2012 - Technical Report Insider Threat Security Reference Architecture

Topics: Insider Threat

Authors: Joji Montelibano, Andrew P. Moore

In this report, the authors describe the Insider Threat Security Reference Architecture (ITSRA), an enterprise-wide solution to the insider threat.

April 2012 - Technical Report A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders

Topics: Insider Threat

Authors: Andrew P. Moore, Michael Hanley, Dave Mundie

In this report, the authors present techniques for helping organizations plan, prepare, and implement means to mitigate insider theft of intellectual property.

June 2011 - Technical Note A Preliminary Model of Insider Theft of Intellectual Property

Topics: Insider Threat

Authors: Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Eric D. Shaw, Derrick Spooner, Randall F. Trzeciak

In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.

August 2010 - Technical Report A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project

Topics: Software Assurance, Cybersecurity Engineering

Authors: Lisa Brownsword, Carol Woody, Christopher J. Alberts, Andrew P. Moore

In this report, the authors describe the SEI Assurance Modeling Framework, piloting to prove its value, and insights gained from that piloting.

February 2010 - White Paper Spotlight On: Insider Threat from Trusted Business Partners

Topics: Insider Threat

Authors: Robert Weiland (Carnegie Mellon University), Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner

In this report, the authors focus on cases in which the insider was employed by a trusted business partner of the victim organization.

August 2009 - Podcast Mitigating Insider Threat: New and Improved Practices

Topics: Insider Threat

Authors: Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore, Julia H. Allen

Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.

July 2009 - White Paper Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model

Topics: Insider Threat

Authors: Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Eric D. Shaw, Randall F. Trzeciak

In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.

June 2009 - White Paper Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2009)

Topics: Insider Threat

Authors: Derrick Spooner, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak

In this report, the authors focus on employees, contractors, and business partners who stole intellectual property to benefit a foreign entity.

March 2009 - White Paper Spotlight On: Malicious Insiders with Ties to the Internet Underground Community

Topics: Insider Threat

Authors: Michael Hanley, Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak

In this report, the authors focus on insider threat cases in which the insider had relationships with the internet underground community.

January 2009 - White Paper Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition – Version 3.1

Topics: Insider Threat

Authors: Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall

In this paper, the authors present findings from examining insider crimes in a new way and add new practices that were not present in the second edition.

December 2008 - White Paper Spotlight On: Programming Techniques Used as an Insider Attack Tool

Topics: Insider Threat

Authors: Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, Andrew P. Moore

In this report, the authors focus on persons who use programming techniques to commit malicious acts against their organizations.

May 2008 - Technical Report The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures

Topics: Insider Threat

Authors: Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak

In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.

April 2008 - Presentation Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

Topics: Insider Threat

Authors: Dawn Cappelli, Andrew P. Moore

In this presentation, the authors describe different types of insider crime and best practices for mitigating that crime.

January 2008 - White Paper Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector

Topics: Insider Threat

Authors: Eileen Kowalski (United States Secret Service), Dawn Cappelli, Andrew P. Moore

In this paper, the authors present the findings of research examining reported insider incidents in the information technology and telecommunications sectors.

January 2008 - White Paper Insider Threat Study: Illicit Cyber Activity in the Government Sector

Topics: Insider Threat

Authors: Eileen Kowalski (United States Secret Service), Dawn Cappelli, Bradford J. Willke, Andrew P. Moore

In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.

March 2007 - Technical Note Modeling and Analysis of Information Technology Change and Access Controls in the Business Context

Topics: Insider Threat

Authors: Andrew P. Moore, Rohit S. Antao

In this report, the authors describe progress in developing a system dynamics model of typical use of change and access controls to support IT operations.

December 2006 - Technical Report Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis

Topics: Process Improvement

Authors: Steven R. Band (Counterintelligence Field Activity - Behavioral Science Directorate), Dawn Cappelli, Lynn F. Fischer, Andrew P. Moore, Eric D. Shaw, Randall F. Trzeciak

In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.

November 2006 - Presentation A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage

Topics: Insider Threat

Authors: Dawn Cappelli, Andrew P. Moore, Eric D. Shaw

In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.

January 2006 - Presentation Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage

Topics: Insider Threat

Authors: Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore

In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.

January 2006 - Presentation Insider Threats in the SDLC

Topics: Insider Threat

Authors: Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak

This presentation on insider threats in the SDLC was delivered by Dawn Cappelli, Andrew P. Moore, and Randy Trzeciak of the Software Engineering Institute's CERT Program in 2006.

June 2005 - Technical Report Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

Topics: Insider Threat

Authors: Marissa R. Randazzo (United States Secret Service), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service), Dawn Cappelli, Andrew P. Moore

In this 2005 report, the authors outline the ITS, a study of insider incidents identified by public reporting or in fraud cases from the Secret Service.

September 2004 - Technical Note Security and Survivability Reasoning Frameworks and Architectural Design Tactics

Topics: Cybersecurity Engineering, Software Architecture

Authors: Robert J. Ellison, Andrew P. Moore, Len Bass, Mark H. Klein, Felix Bachmann

In this report, the authors describe an approach to disciplined software architecture design for the related quality attributes of security and survivability.

August 2004 - Special Report Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

Topics: Insider Threat

Authors: Dawn Cappelli, Andrew P. Moore, Marissa R. Randazzo (United States Secret Service), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service)

In this report, the authors present an overview of the Insider Threat Study (ITS), including its background, scope, study methods, and findings.

October 2002 - Technical Report Trustworthy Refinement Through Intrusion-Aware Design

Authors: Robert J. Ellison, Andrew P. Moore

This document has been superseded by CMU/SEI-2003-TR-002.

October 2002 - Technical Report Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)

Authors: Robert J. Ellison, Andrew P. Moore

In this report, the authors demonstrate the application of TRIAD to refining a survivability strategy for a business that sells products on the internet.

May 2002 - White Paper Foundations for Survivable Systems Engineering

Authors: Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead, Andrew P. Moore

In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.

December 2001 - Technical Note Can We Ever Build Survivable Systems from COTS Components?

Authors: Howard F. Lipson, Nancy R. Mead, Andrew P. Moore

In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.

October 2001 - Technical Note Architectural Refinement for the Design of Survivable Systems

Topics: Software Architecture

Authors: Robert J. Ellison, Andrew P. Moore

This paper describes a process for systematically refining an enterprise system architecture to resist, recognize, and recover from deliberate, malicious attacks by applying reusable design primitives that help ensure the survival of the enterprise mission.

October 2001 - Technical Report Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models

Authors: Richard C. Linger (Oak Ridge National Laboratory), Andrew P. Moore

This 2001 paper describes initial work in the foundations stage for survivability specification and intrusion specification, as well as survivability evaluation models that draw upon both of these areas.

March 2001 - Technical Note Attack Modeling for Information Security and Survivability

Authors: Andrew P. Moore, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory)

This technical note describes and illustrates an approach for documenting attack information in a structured and reusable form.