Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data

January 2011 • Technical Note

Michael Hanley

In this 2011 report, Michael Hanley demonstrates how a method for modeling insider crimes can create candidate technical controls and indicators.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2011-TN-003

Subjects

Insider ThreatInsider Threat

Abstract

The insider threat continues to be one of the prime issues facing government entities and organizations across critical infrastructure sectors. Extensive catalogues of case material from actual insider events have been used by CERT, part of Carnegie Mellon University's Software Engineering Institute, to create socio-technical models of insider crime to help educate organizations on the risk of insider crime. Building upon this work, this paper seeks to demonstrate how a useful method for extracting technical information from previous insider crimes and mapping it to previous modeling work can create informed candidate technical controls and indicators. This paper also shows current examples of case material and candidate indicators that have been successfully converted into well-received insider threat training modules.

Download PDF

Cite This Report

SEI

Hanley, Michael. Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data. CMU/SEI-2011-TN-003. Software Engineering Institute, Carnegie Mellon University. 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787

IEEE

Hanley. Michael, "Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2011-TN-003, 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787

APA

Hanley, Michael. (2011). Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (CMU/SEI-2011-TN-003). Retrieved June 10, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787

CHI

Michael Hanley. Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (CMU/SEI-2011-TN-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787

MLA

Hanley, Michael. 2011. Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data (Technical Report CMU/SEI-2011-TN-003). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787

BibTex

@techreport{HanleyDerivingCandidate2011,
title={Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data},
author={Michael Hanley},
year={2011},
number={CMU/SEI-2011-TN-003},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9787} }

Ask a question about this Technical Note

Software Engineering Institute