CERT
search  

about us
CERT, the home of the well-known CERT(R) Coordination Center, is located at Carnegie Mellon University's Software Engineering Institute. We study internet security vulnerabilities, research long-term changes in networked systems, and develop information and training to help you improve security.
take the tour

CERT Spotlight: Mitigating Threats from Within

CERT Common Sense Guide to Mitigating Insider Threats Fourth Edition

An insider is anyone who has or had authorized access to an organization's network, system, or data. Current or former employees, contractors, and business partners are in a unique position to damage an organization's information systems, intellectual property, finances, and reputation. A recent survey reported that a quarter of electronic crimes with identifiable perpetrators were committed by insiders.

For a decade, the CERT Program has studied how to prevent, detect, and respond to insider threats. The recently published fourth edition of Common Sense Guide to Mitigating Insider Threats, sponsored by the Department of Homeland Security, updates and expands the CERT Insider Threat Center's recommendations for a broad range of organizational stakeholders.

For this edition, the CERT Insider Threat Center delved into its expanding database of more than 700 cases of insider threat. Based on this and other CERT research, the Common Sense Guide recommends 19 new or revised best practices for mitigating the insider threat. Team tables make it easy for members of different organizational groups, such as IT, software engineering, and human resources, to find and apply the most relevant practices. The guide also maps each practice to existing standards, lists implementation challenges for large and small organizations, and outlines quick wins and high-impact solutions.

Download Common Sense Guide to Mitigating Insider Threats, 4th Edition, or explore more of the CERT Insider Threat Center's work.

Announcements

February 13, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 19 (of 19)
This last of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 19: Close the doors to unauthorized data exfiltration.

February 11, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 18 (of 19)
This eighteenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 18: Be especially vigilant regarding social media.

February 8, 2013

New Blog Entry: Common Sense Guide to Mitigating Insider Threats - Best Practice 17 (of 19)
This seventeenth of 19 blog posts about the fourth edition of the Common Sense Guide to Mitigating Insider Threats describes Practice 17: Establish a baseline of normal network device behavior.

more announcements

headlines headlines