Spotlight On: Insider Threat from Trusted Business Partners Version 2: Updated and Revised

October 1, 2012 • White Paper

By

Todd Lewellen, Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner, and Robert Weiland (Carnegie Mellon University)

In this article, the authors focus on cases in which the malicious insider was employed by a trusted business partner of the victim organization.

Publisher

Software Engineering Institute

Subjects

Insider Threat

Abstract

This article is the sixth in the series Spotlight On, published by the CERT® Insider Threat Center at Carnegie Mellon University's Software Engineering Institute and funded by CyLab. Each article focuses on a specific area of concern and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about the CERT Program's insider threat work, see http://www.cert.org/insider_threat/.

This article focuses on cases in which the malicious insider was employed by a trusted business partner of the victim organization. We first define the concept of trusted business partner (TBP) and then describe case scenarios in which a TBP has become an insider threat. These case scenarios concentrate on presenting the who, what, why, and how of the illicit activity. Finally, we provide recommendations that may be useful in countering these threats

Software Engineering Institute