Matthew L. Collins
Software Engineering Institute
Publications by Matthew L. Collins
-
Common Sense Guide to Mitigating Insider Threats, Fifth Edition
December 21, 2016 • Technical Report
Matthew L. CollinsMichael C. TheisRandall F. Trzeciak
Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases.
read -
The Critical Role of Positive Incentives for Reducing Insider Threats
December 15, 2016 • Technical Report
Andrew P. MooreJeff SavindaElizabeth A. Monaco
This report describes how positive incentives complement traditional practices to provide a better balance for organizations' insider threat programs.
read -
An Insider Threat Indicator Ontology
May 10, 2016 • Technical Report
Daniel L. CostaMichael J. AlbrethsenMatthew L. Collins
This report presents an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.
read -
Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls
October 16, 2015 • White Paper
Andrew P. MooreWilliam E. NovakMatthew L. Collins
In this paper, the authors describe the potential ways an insider threat program (InTP) could go wrong and to engage the community to discuss its concerns.
read -
Social Network Dynamics of Insider Threats: A Preliminary Model
July 23, 2015 • Conference Paper
Andrew P. MooreKathleen Carley (Carnegie Mellon School of Computer Science)Matthew L. Collins
This paper describes a system dynamics model of insider espionage social networks. The model focuses on two forms of social capital: expectations and social norms.
read -
Pattern-Based Design of Insider Threat Programs
December 09, 2014 • Technical Note
Andrew P. MooreMatthew L. CollinsDave Mundie
In this report, the authors describe a pattern-based approach to designing insider threat programs that could provide a better defense against insider threats.
read -
An Incident Management Ontology
November 25, 2014 • Conference Paper
Dave MundieRobin RuefleAudrey J. Dorofee
In this paper, the authors describe the shortcomings of the incident management meta-model and how an incident management ontology addresses those shortcomings.
read -
An Ontology for Insider Threat Indicators
November 24, 2014 • Conference Paper
Daniel L. CostaMatthew L. CollinsSamuel J. Perl
In this paper, the authors describe their ongoing development of an insider threat indicator ontology.
read -
Insider Threat Mitigation Project
October 28, 2014 • Poster
Kathleen Carley (Carnegie Mellon School of Computer Science)Neal AltmanGeoff Morgan (Carnegie Mellon School of Computer Science)
In this poster, the approach taken by the Insider Threat Mitigation Project is illustrated, including ego-centered and email-centered analyses.
read -
Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector
July 09, 2014 • Conference Paper
Jeremy R. StrozerMatthew L. CollinsTracy Cassidy
In this paper, the authors provide documented research to advance the understanding of the unintentional insider threat (UIT) that results from phishing and other social engineering cases, specifically those involving malicious software (malware).
read -
Spotlight On: Programmers as Malicious Insiders–Updated and Revised
December 02, 2013 • White Paper
Matthew L. CollinsDawn CappelliThomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University)
In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and includes case examples.
read -
Four Insider IT Sabotage Mitigation Patterns and an Initial Effectiveness Analysis
October 22, 2013 • Conference Paper
Lori FlynnJason W. ClarkAndrew P. Moore
In this paper, the authors describe four patterns of insider IT sabotage mitigation and initial results from 46 relevant cases for pattern effectiveness.
read -
Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations (2013)
May 20, 2013 • Technical Note
Matthew L. CollinsDerrick SpoonerDawn Cappelli
In this report, the authors provide a snapshot of individuals involved in insider threat cases and recommends how to mitigate the risk of similar incidents.
read