Dawn Cappelli
Software Engineering Institute
Dawn Cappelli is an SEI alumni employee.
Dawn Cappelli is a Senior Member of the Technical Staff in CERT at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years of experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Other current work includes modeling and simulation projects for risk analysis and communication of impacts of policy decisions, technical security measures, psychological issues, and organizational culture on insider threat. Ms. Cappelli is also an adjunct professor in Carnegie Mellon's Heinz College of Public Policy and Management. Ms. Cappelli has been with Carnegie Mellon since 1988. Before joining CERT in 2001, Ms. Cappelli was Director of Engineering for the Information Technology Development Center of Carnegie Mellon Research Institute, led special projects for the university's Computing Services, and worked on projects for the Software Engineering Institute's Information Technology team. Before joining the SEI in 1988, Ms. Cappelli was Software Engineer for Westinghouse Electric Corporation, developing nuclear power plant systems.
Publications by Dawn Cappelli
Spotlight On: Programmers as Malicious Insiders–Updated and Revised
December 02, 2013 • White Paper
Matthew L. Collins, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University)
In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and include case examples.

Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2013)
May 20, 2013 • Technical Note
Matthew L. Collins, Derrick Spooner, Dawn Cappelli
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommend how to mitigate the risk of similar incidents.

Common Sense Guide to Mitigating Insider Threats, Fourth Edition
December 01, 2012 • Technical Report
George Silowash, Dawn Cappelli, Andrew P. Moore
In this report, the authors define insider threats and outline current insider threat patterns and trends.

Spotlight On: Insider Threat from Trusted Business Partners Version 2: Updated and Revised
October 01, 2012 • White Paper
Todd Lewellen, Andrew P. Moore, Dawn Cappelli
In this article, the authors focus on cases in which the malicious insider was employed by a trusted business partner of the victim organization.

The CERT Top 10 List for Winning the Battle Against Insider Threats
February 27, 2012 • Presentation
Dawn Cappelli
In this presentation, Dawn Cappelli provides real-case examples to reinforce best practices in mitigating insider threat.

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)
January 24, 2012 • Book
Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

Insider Threats: Actual Attacks by Current and Former and Software Engineers
June 09, 2011 • Presentation
Dawn Cappelli
In this presentation, Dawn Cappelli describes the CERT Insider Threat Crime Profiles and strategies for mitigating insider threat.

A Preliminary Model of Insider Theft of Intellectual Property
June 01, 2011 • Technical Note
Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University)
In this report, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on their empirical data.

Combat IT Sabotage: Technical Solutions From The CERT Insider Threat Lab
February 14, 2011 • Presentation
Dawn Cappelli, Joji Montelibano
In this presentation, the authors discuss crime profiles and countermeasures related to insider IT sabotage.

The Key to Successful Monitoring for Detection of Insider Attacks
October 21, 2010 • Presentation
Dawn Cappelli, Randall F. Trzeciak, Robert Floodeen
In this presentation, Software Engineering Institute researchers show how to detect insider threats successfully by monitoring and auditing network activity.

Spotlight On: Insider Threat from Trusted Business Partners
February 01, 2010 • White Paper
Robert Weiland (Carnegie Mellon University), Andrew P. Moore, Dawn Cappelli
In this report, the authors focus on cases in which the insider was employed by a trusted business partner of the victim organization.

Mitigating Insider Threat: New and Improved Practices
August 18, 2009 • Podcast
Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore
Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.

Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
July 20, 2009 • White Paper
Andrew P. Moore, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University)
In this paper, the authors describe general observations about, and a preliminary system dynamics model of, insider crime based on their empirical data.

Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2009)
June 01, 2009 • White Paper
Derrick Spooner, Dawn Cappelli, Andrew P. Moore
In this report, the authors focus on employees, contractors, and business partners who stole intellectual property to benefit a foreign entity.

Best Practices For Mitigating Insider Threat: Lessons Learned From 250 Cases
April 20, 2009 • Presentation
Dawn Cappelli, Randall F. Trzeciak
In this presentation, Dawn Cappelli and Randy Trzeciak describe sixteen best practices for mitigating insider threats.

Spotlight On: Malicious Insiders with Ties to the Internet Underground Community
March 01, 2009 • White Paper
Michael Hanley, Andrew P. Moore, Dawn Cappelli
In this report, the authors focus on insider threat cases in which the insider had relationships with the internet underground community.

Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition – Version 3.1
January 01, 2009 • White Paper
Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
In this paper, the authors present findings from examining insider crimes in a new way and add new practices that were not present in the second edition.

Spotlight On: Programming Techniques Used as an Insider Attack Tool
December 01, 2008 • White Paper
Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak
In this report, the authors focus on persons who use programming techniques to commit malicious acts against their organizations.

Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System
May 01, 2008 • White Paper
Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore
In this paper, the authors describe the MERIT insider threat model and simulation results.

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
May 01, 2008 • Technical Report
Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak
In this report, the authors describe seven observations about insider IT sabotage based on their empirical data and study findings.

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
April 09, 2008 • Presentation
Dawn Cappelli, Andrew P. Moore
In this presentation, the authors describe different types of insider crime and best practices for mitigating that crime.

Insider Threat and the Software Development Life Cycle
March 04, 2008 • Podcast
Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.

Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector
January 01, 2008 • White Paper
Eileen Kowalski (United States Secret Service), Dawn Cappelli, Andrew P. Moore
In this paper, the authors present the findings of research examining reported insider incidents in the information technology and telecommunications sectors.

Insider Threat Study: Illicit Cyber Activity in the Government Sector
January 01, 2008 • White Paper
Eileen Kowalski (United States Secret Service), Dawn Cappelli, Bradford J. Willke
In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.

Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers' Information, Systems, or Networks
March 01, 2007 • Technical Note
Dawn Cappelli, Akash G. Desai (Information Networking Institute, Carnegie Mellon University), Andrew P. Moore
In this 2006 report, the authors describe the MERIT insider threat model and simulation results.

Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis
December 01, 2006 • Technical Report
Stephen R. Band (Counterintelligence Field Activity - Behavioral Science Directorate), Dawn Cappelli, Lynn F. Fischer
In this report, the authors examine the psychological, technical, organizational, and contextual factors that contribute to espionage and insider sabotage.

Protecting Against Insider Threat
November 28, 2006 • Podcast
Dawn Cappelli, Julia H. Allen
In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.

A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage
November 07, 2006 • Presentation
Dawn Cappelli, Andrew P. Moore, Eric D. Shaw
In this presentation, the authors describe an interactive case example of insider threat, discuss key sabotage observations, and provide an overview of MERIT.

Insider Threats in the SDLC: Lessons Learned from Actual Incidents of Fraud, Theft of Sensitive Information and IT Sabotage
January 01, 2006 • Presentation
Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore
In this 2006 presentation, the authors describe the lessons they learned from real-world fraud, theft, and sabotage incidents.

Pay Attention! What are Your Employees Doing?
January 01, 2006 • Presentation
Dawn Cappelli
In this 2006 presentation, Dawn Cappelli discusses the insider threat, what the CERT Division is doing about it and what you need to know about it.

Insider Threats in the SDLC
January 01, 2006 • Presentation
Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak
This presentation on insider threats in the SDLC was delivered by Dawn Cappelli, Andrew P. Moore, and Randy Trzeciak of the Software Engineering Institute's CERT Program in 2006.

Preventing Insider Sabotage: Lessons Learned From Actual Attacks
November 14, 2005 • Presentation
Dawn Cappelli
In this 2005 presentation, Dawn Cappelli discusses preventing insider threat sabotage.

Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
August 11, 2005 • White Paper
Eliot Rich (University at Albany State University of New York), Howard F. Lipson, Dave Mundie
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
June 01, 2005 • Technical Report
Marissa R. Randazzo (United States Secret Service), Michelle Keeney (United States Secret Service), Eileen Kowalski (United States Secret Service)
In this 2005 report, the authors outline the ITS, a study of insider incidents identified by public reporting or in fraud cases from the Secret Service.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
May 01, 2005 • Special Report
Tara Conway (National Threat Assessment Center), Susan Keverline (National Threat Assessment Center), Michelle Keeney (United States Secret Service)
In this report, the authors seek to close the gaps in the literature that make it difficult for organizations to fully understand the insider threat.

Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem
January 01, 2005 • White Paper
David F. Andersen (University at Albany State University of New York), Elise A. Weaver (Worcester Polytechnic Institute), Aldo Zagonel (University at Albany, Rockefeller College of Public Affairs and Policy)
This paper discusses the preliminary system dynamic maps of the insider cyber-threat and describes the main ideas behind the research proposal.

Insider Threat: Real Data on a Real Problem
November 09, 2004 • Presentation
Dawn Cappelli, Michelle Keeney (United States Secret Service)
In this presentation, the authors discuss the e-Crime Watch survey and the USSS/CERT Insider Threat study.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
August 01, 2004 • Special Report
Dawn Cappelli, Andrew P. Moore, Marissa R. Randazzo (United States Secret Service)
In this report, the authors present an overview of the Insider Threat Study (ITS), including its background, scope, study methods, and findings.

The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIA. Evaluation Questions
July 01, 1987 • Technical Report
B. Craig Meyers, Dawn Cappelli
This report is the second in a series on the use of representation clauses and implementation-dependent features in Ada.

The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIIA. Qualitative Results for VAX Ada
July 01, 1987 • Technical Report
B. Craig Meyers, Dawn Cappelli
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation-dependent features in Ada provided by the VAX Ada compiler, Version 1.3.

The Use of Representation Clauses and Implementation-Dependent Features in Ada: IIB. Experimental Procedures
July 01, 1987 • Technical Report
B. Craig Meyers, Dawn Cappelli
This report is one in a series dealing with the use of representation clauses and implementation-dependent features in Ada. The purpose of this report is to discuss detailed experimental procedures to assess compiler support.

The Use of Representation Clauses and Implementation-Dependent Features in Ada: IVA. Qualitative Results for Ada/M(44)
July 01, 1987 • Technical Report
B. Craig Meyers, Dawn Cappelli
This report, one in a series, provides a qualitative assessment of the support of representation clauses and implementation-dependent features in Ada provided by the Ada/M(44) compiler, Version 1.6.