International Implementation of Best Practices for Mitigating Insider Threat: Analyses for India and Germany
April 2014 • Technical Report
Lori Flynn, Carly L. Huth, Palma Buttles-Valdez, Michael C. Theis, George Silowash, Tracy Cassidy, Travis Wright (Carnegie Mellon University, Master of Science in Information Security Policy and Management Program), Randall F. Trzeciak
This report analyzes insider threat mitigation in India and Germany, using the new framework for international cybersecurity analysis described in the paper titled “Best Practices Against Insider Threats in All Nations.”
Software Engineering Institute
CMU/SEI Report Number
DOI (Digital Object Identifier):10.1184/R1/6574682.v1
This report analyzes insider threat mitigation in India and Germany, using the new framework for international cybersecurity analysis described in the paper titled "Best Practices Against Insider Threats in All Nations," applying the framework to specific countries for the first time. Using that framework, cybersecurity standards are considered with respect to analysis that takes into account a country's technologies, relevant laws, law enforcement, corruption, and prevalent culture and subcultures. This report provides a detailed profile for each of these factors for each country and considers five best practices for mitigating insider threats recommended in the Common Sense Guide to Mitigating Insider Threats.
This report is intended to help organizations implement cybersecurity best practices internationally. In part, this analysis is meant to help readers understand challenges in India and Germany, plus mitigations for the challenges that are particularly useful in those countries. These insights can be used by organizations that outsource to, offshore to, or have supply chains that include these countries. Furthermore, this report's findings may be helpful on a wide scale for implementing general cybersecurity best practices in countries that share similarities with India or Germany, with regard to the factors studied. Technical, physical, and administrative controls that are helpful for implementing best practices in India and Germany may be helpful for similar countries. Likewise, particular controls may be ineffective (and require substitution controls) in similar countries. This is an initial, exploratory effort that is not exhaustive.