Fandom

The IT Law Wiki

Common Sense Guide to Mitigating Insider Threats

32,198pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Citation Edit

George Silowash, Dawn Cappelli, Andrew P. Moore, Randall F. Trzeciak, Timothy J. Shimeall & Lori Flynn, Common Sense Guide to Mitigating Insider Threats (4th ed.) (Dec. 2012) (full-text).

Overview Edit

This report provides the most current recommendations of the CERT® Program (part of Carnegie Mellon University's Software Engineering Institute) on mitigating insider threats. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends.

The guide then describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes challenges to implementation, quick wins and high-impact solutions for small and large organizations, and relevant security standards.

This edition focuses on six groups within an organization — human resources, legal, physical security, data owners, information technology, and software engineering — and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide's practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.

Also on Fandom

Random Wiki