The Threat of Deprecated BGP Attributes
This post examines how a small issue with Border Gateway Protocol routing, a deprecated path attribute, can cause a major interruption to Internet traffic.
Read MoreCategory: CERT Insider Threats
10 Lessons in Security Operations and Incident Management
This post outlines 10 lessons learned from more than three decades of building incident response and security teams throughout the globe.
Read MoreCERT Releases 2 Tools to Assess Insider Risk
The average insider risk incident cost organizations more than $600,000. To help organizations assess their insider risk programs, the SEI CERT Division has released two tools available for download.
Read MoreThe 13 Key Elements of an Insider Threat Program
COVID-19 changed the nature of the workplace. In this evolving climate, organizations need to be increasingly vigilant against insider incidents. In this post, we present the 13 key elements of an insider threat program.
Read MoreThe 13 Key Elements of an Insider Threat Program
COVID-19 changed the nature of the workplace significantly. In this evolving climate, organizations need to be increasingly vigilant against insider incidents. In this post, we present the 13 key elements of an insider threat...
Read MoreKeeping an Eye Out for Positive Risk
We commonly think about risks having negative consequences. With each month bringing new cybersecurity threats, breaches, and vulnerabilities, sound risk management practices are necessary….
Read MoreCybersecurity Governance, Part 1: 5 Fundamental Challenges
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems….
Read MorePatterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)
In previous posts of our series analyzing and summarizing insider incidents across multiple sectors, we presented up-to-date statistics from the CERT National Insider Threat Center (NITC)….
Read MoreSeptember Is National Insider Threat Awareness Month
September 2019 has been declared National Insider Threat Awareness Month by the National Insider Threat Task Force, the National Counterintelligence and Security Center….
Read More7 Guidelines for Being a TRUSTED Penetration Tester
The best way to learn is by doing. But when it comes to penetration testing, learners risk legal implications and bad habits if they don’t follow ethical, safe procedures….
Read MoreImproving Insider Threat Detection Methods Through Software Engineering Principles
Tuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with….
Read MoreInsider Threat Incident Analysis: Court Outcome Observations
In the United States, legal cases may be tried in criminal court or civil court. According to data in the CERT National Insider Threat Center (NITC) incident corpus, the type of court makes a big difference….
Read More