Software Engineering Institute | Carnegie Mellon University

Insider Threat Control Demonstration: IT Sabotage - Outsider Collusion

  • April 2011
  • By CERT Insider Threat Team
  • In this video, the Insider Threat team demonstrates the control in Using a SIEM Signature to Detect Potential Precursors to IT Sabotage.
  • Insider Threat
  • Publisher: Software Engineering Institute
  • Abstract

    This paper describes the development and proposed application of a Security Information and Event Management (SIEM) signature to detect possible malicious insider activity leading to IT sabotage. In the absence of a uniform, standardized event logging format, this paper presents the signature in two of the most visible public formats, Common Event Framework (CEF) and Common Event Expression (CEE). Because of the limitations of these formats, the SIEM described in this paper employs an operational version of the proposed signature in an ArcSight environment. 