Topics: Insider Threat
Authors: Matthew L. Collins, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, Andrew P. Moore
In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and includes case examples.
Topics: Insider Threat
Authors: Matthew L. Collins, Derrick Spooner, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommends how to mitigate the risk of similar incidents.
Topics: Insider Threat
Authors: George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall, Lori Flynn
In this report, the authors define insider threats and outline current insider threat patterns and trends.
Topics: Insider Threat
Authors: Todd Lewellen, Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner, Robert Weiland (Carnegie Mellon University)
In this article, the authors focus on cases in which the malicious insider was employed by a trusted business partner of the victim organization.
Topics: Insider Threat
Authors: Dawn Cappelli
In this presentation, Dawn Cappelli provides real-case examples to reinforce best practices in mitigating insider threat.
Topics: Insider Threat
Authors: Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
Topics: Insider Threat
Authors: Dawn Cappelli
In this presentation, Dawn Cappelli describes the CERT Insider Threat Crime Profiles and strategies to mitigating insider threat.
Topics: Insider Threat
Authors: Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Eric D. Shaw, Derrick Spooner, Randall F. Trzeciak
In this report, the authors describe general observations about and a preliminary system dynamics model of insider crime based on our empirical data.
Topics: Insider Threat
Authors: Dawn Cappelli, Joji Montelibano
In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.
Topics: Insider Threat
Authors: Dawn Cappelli, Randall F. Trzeciak, Robert Floodeen
In this presentation, Software Engineering Institute researchers show how to detect insider threats successfully by monitoring and auditing network activity.
Topics: Insider Threat
Authors: Robert Weiland (Carnegie Mellon University), Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner
In this report, the authors focus on cases in which the insider was employed by a trusted business partner of the victim organization.
Topics: Insider Threat
Authors: Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore, Julia H. Allen
Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
Topics: Insider Threat
Authors: Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Eric D. Shaw, Randall F. Trzeciak
In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.
Topics: Insider Threat
Authors: Derrick Spooner, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this report, the authors focus on employees, contractors, and business partners who stole intellectual property to benefit a foreign entity.
Topics: Insider Threat
Authors: Dawn Cappelli, Randall F. Trzeciak
In this presentation, Dawn Cappelli and Randy Trzeciak describe sixteen best practices for mitigating insider threats.
Topics: Insider Threat
Authors: Michael Hanley, Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak
In this report, the authors focus on insider threat cases in which the insider had relationships with the internet underground community.
Topics: Insider Threat
Authors: Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall
In this paper, the authors present findings from examining insider crimes in a new way and add new practices that were not present in the second edition.
Topics: Insider Threat
Authors: Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, Andrew P. Moore
In this report, the authors focus on persons who use programming techniques to commit malicious acts against their organizations.
Topics: Insider Threat
Authors: Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore, Timothy J. Shimeall, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke
In this paper, the authors describe the MERIT insider threat model and simulation results.
Topics: Insider Threat
Authors: Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.
Topics: Insider Threat
Authors: Dawn Cappelli, Andrew P. Moore
In this presentation, the authors describe different types of insider crime and best practices for mitigating that crime.
Topics: Insider Threat
Authors: Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.
Topics: Insider Threat
Authors: Eileen Kowalski (United States Secret Service), Dawn Cappelli, Andrew P. Moore
In this paper, the authors present the findings of research examining reported insider incidents in the information technology and telecommunications sectors.
Topics: Insider Threat
Authors: Eileen Kowalski (United States Secret Service), Dawn Cappelli, Bradford J. Willke, Andrew P. Moore
In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.
Topics: Insider Threat
Authors: Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore, Timothy J. Shimeall, Elise A. Weaver (Worcester Polytechnic Institute), Bradford J. Willke
In this 2006 report, the authors describe MERIT insider threat model and simulation results.
Topics: Process Improvement
Authors: Steven R. Band (Counterintelligence Field Activity - Behavioral Science Directorate), Dawn Cappelli, Lynn F. Fischer, Andrew P. Moore, Eric D. Shaw, Randall F. Trzeciak
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.
Topics: Insider Threat
Authors: Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.
Topics: Insider Threat
Authors: Dawn Cappelli, Andrew P. Moore, Eric D. Shaw
In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.
Topics: Insider Threat
Authors: Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore
In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.
Topics: Insider Threat
Authors: Dawn Cappelli
In this 2006 presentation, Dawn Cappelli discusses the insider threat, what the CERT Division is doing about it and what you need to know about it.
Topics: Insider Threat
Authors: Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
This presentation on insider threats in the SDLC was delivered by Dawn Cappelli, Andrew P. Moore, and Randy Trzeciak of the Software Engineering Institute's CERT Program in 2006.
Topics: Insider Threat
Authors: Dawn Cappelli
In this 2005 presentation, Dawn Cappelli discusses preventing insider threat sabotage.
Topics: Insider Threat
Authors: Eliot Rich (University at Albany State University of New York), Howard F. Lipson, Dave Mundie, Jose M. Sarriegui (University of Navarra Spain), Agata Sawicka (Agder University College Norway), Thomas R. Stewart (University at Albany State University of New York), Jose M. Torres (University of Navarra Spain), Elise A. Weaver (Worcester Polytechnic Institute), Johannes Wiik (Agder University College Norway), Ignacio J. Martinez-Moyano (University at Albany State University of New York), Paul Conrad, Dawn Cappelli, Andrew P. Moore, Timothy J. Shimeall, David F. Andersen (University at Albany State University of New York), Jose J. Gonzalez (Agder University College Norway), Robert J. Ellison
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.
Topics: Insider Threat
Authors: Marissa R. Randazzo (United States Secret Service), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service), Dawn Cappelli, Andrew P. Moore
In this 2005 report, the authors outline the ITS, a study of insider incidents identified by public reporting or in fraud cases from the Secret Service.
Topics: Insider Threat
Authors: Tara Conway (National Threat Assessment Center), Susan Keverline (National Threat Assessment Center), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service), Megan Williams (National Threat Assessment Center), Dawn Cappelli, Andrew P. Moore, Stephanie Rogers, Timothy J. Shimeall
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.
Topics: Insider Threat
Authors: David F. Andersen (University at Albany State University of New York), Elise A. Weaver (Worcester Polytechnic Institute), Aldo Zagonel (University at Albany, Rockefeller College of Public Affairs and Policy), Dawn Cappelli, Jose J. Gonzalez (Agder University College Norway), Mohammad Mojtahedzadeh (Attune Group, Inc.), Andrew P. Moore, Eliot Rich (University at Albany State University of New York), Jose M. Sarriegui (University of Navarra Spain), Timothy J. Shimeall, Jeffrey M. Stanton (Syracuse University, School of Information Studies)
This paper discusses the preliminary system dynamic maps of the insider cyber-threat and describes the main ideas behind the research proposal.
Topics: Insider Threat, Measurement and Analysis
Authors: Dawn Cappelli, Michelle Keeney (United States Secret Service)
In this presentation, the authors discuss the e-Crime Watch survey and the USSS/CERT Insider Threat study.
Topics: Insider Threat
Authors: Dawn Cappelli, Andrew P. Moore, Marissa R. Randazzo (United States Secret Service), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service)
In this report, the authors present an overview of the Insider Threat Study (ITS), including its background, scope, study methods, and findings.
Authors: B. Craig Meyers, Dawn Cappelli
This report is the second in a series on the use of representation clauses and implementation-dependent features in Ada.
Authors: B. Craig Meyers, Dawn Cappelli
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation- dependent features in Ada provided by the VAX Ada compiler, Version 1.3.
Authors: B. Craig Meyers, Dawn Cappelli
This report is one in a series dealing with the use of representation clauses and implementation-dependent features in Ada. The purpose of this report is to discuss detailed experimental procedures to assess compiler support.
Authors: B. Craig Meyers, Dawn Cappelli
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation-dependent features in Ada provided by the Ada/M(44) compiler, Version 1.6.