Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Technical Report

Common Sense Guide to Mitigating Insider Threats, Sixth Edition

  • Abstract

    This sixth edition of the Common Sense Guide to Mitigating Insider Threats provides the current recommendations of the CERT Division (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded corpus of more than 1,500 insider threat cases and continued research and analysis. It introduces the topic of insider threats, describes its intended audience, outlines changes for this edition, defines insider threats, and outlines current trends. The guide then describes 21 practices that organizations should implement to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes challenges to implementation, quick wins, and high-impact solutions for small and large organizations. This edition also focuses on six groups within an organization—Human Resources, Legal Counsel, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps relevant groups to each practice. The appendices provide a list of information security best practices, a mapping of the guide’s practices to established security standards, a breakdown of the practices by organizational group, and checklists of activities for each practice.

  • Download

Cite This Report

SEI

Theis, Michael; Trzeciak, Randall; Costa, Daniel; Moore, Andrew; Miller, Sarah; Cassidy, Tracy; & Claycomb, William. Common Sense Guide to Mitigating Insider Threats, Sixth Edition. CMU/SEI-2018-TR-010. Software Engineering Institute, Carnegie Mellon University. 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

IEEE

Theis. Michael, Trzeciak. Randall, Costa. Daniel, Moore. Andrew, Miller. Sarah, Cassidy. Tracy, and Claycomb. William, "Common Sense Guide to Mitigating Insider Threats, Sixth Edition," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2018-TR-010, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

APA

Theis, Michael., Trzeciak, Randall., Costa, Daniel., Moore, Andrew., Miller, Sarah., Cassidy, Tracy., & Claycomb, William. (2019). Common Sense Guide to Mitigating Insider Threats, Sixth Edition (CMU/SEI-2018-TR-010). Retrieved March 21, 2019, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

CHI

Michael Theis, Randall Trzeciak, Daniel Costa, Andrew Moore, Sarah Miller, Tracy Cassidy, & William Claycomb. Common Sense Guide to Mitigating Insider Threats, Sixth Edition (CMU/SEI-2018-TR-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

MLA

Theis, Michael., Trzeciak, Randall., Costa, Daniel., Moore, Andrew., Miller, Sarah., Cassidy, Tracy., & Claycomb, William. 2019. Common Sense Guide to Mitigating Insider Threats, Sixth Edition (Technical Report CMU/SEI-2018-TR-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

BibTex

@techreport{TheisCommonSense2019,
title={Common Sense Guide to Mitigating Insider Threats},
edition={Sixth},
author={Michael Theis and Randall Trzeciak and Daniel Costa and Andrew Moore and Sarah Miller and Tracy Cassidy and William Claycomb},
year={2019},
number={CMU/SEI-2018-TR-010},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644} }