David McIntire
CERT
Publications by David McIntire
-
The Sector CSIRT Framework: Developing Sector-Based Incident Response Capabilities
June 08, 2021 • Technical Report
Justin Novak, Brittany Manley, David McIntire
This framework guides the development and implementation of a sector CSIRT.
-
Incident Management Capability Assessment
December 19, 2018 • Technical Report
Audrey J. Dorofee, Robin Ruefle, Mark Zajicek
The capabilities presented in this report provide a benchmark of incident management practices.
-
Pattern-Based Design of Insider Threat Programs
December 09, 2014 • Technical Note
Andrew P. Moore, Matthew L. Collins, Dave Mundie
In this report, the authors describe a pattern-based approach to designing insider threat programs that could provide a better defense against insider threats.
-
A Systematic Approach for Assessing Workforce Readiness
August 18, 2014 • Technical Report
Christopher J. Alberts, David McIntire
In this report, the authors present the Competency Lifecycle Roadmap and the readiness test development method, both used to maintain workforce readiness.
-
Four Insider IT Sabotage Mitigation Patterns and an Initial Effectiveness Analysis
October 22, 2013 • Conference Paper
Lori Flynn, Jason W. Clark, Andrew P. Moore
In this paper, the authors describe four patterns of insider IT sabotage mitigation and initial results from 46 relevant cases for pattern effectiveness.
-
Results of SEI Line-Funded Exploratory New Starts Projects: FY 2012
July 01, 2013 • Technical Report
Bjorn Andersson, Lori Flynn, David P. Gluch
This report describes line-funded exploratory new starts (LENS) projects that were conducted during fiscal year 2012 (October 2011 through September 2012).
-
Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders
March 01, 2013 • Technical Note
Andrew P. Moore, David McIntire, Dave Mundie
In this report, the authors justify applying the pattern “Increased Review for Intellectual Property (IP) Theft by Departing Insiders.”
-
The MAL: A Malware Analysis Lexicon
February 01, 2013 • Technical Note
Dave Mundie, David McIntire
In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.
-
Chronological Examination of Insider Threat Sabotage: Preliminary Observations
December 01, 2012 • White Paper
William R. Claycomb, Carly L. Huth, Lori Flynn
In this paper, the authors examine 15 cases of insider threat sabotage of IT systems to identify points in the attack time-line.
-
Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
July 01, 2012 • Special Report
Adam Cummings, Todd Lewellen, David McIntire
In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.