CERT

CERT

By shellatreille | returnsyourgazeart | 30 Nov 2020


The CERT (Computer Emergency Response Team) Division of the Software Engineering Institute (SEI) at Carnegie Mellon University is an excellent resource on insider threats, including the theft of intellectual property.  According to the CERT Division, insider threat is defined as the potential for an individual who has or had authorized access to an organization’s assets to use that access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.  An insider threat can be intentional or unintentional.  It also includes workplace violence.  The CERT Division has many resources on insider threats and the theft of intellectual property, which include Technical Papers, Computer Security Incident Response Teams (CSIRTs), License SEI Materials: Insider Threat Partner Opportunity, Courses, Workforce Development, Insider Threat Blog, Software and Tools, Webinars, and Podcasts (Theis et al., 2019).

The SEI has a digital library that contains thousands of technical papers and documents, which include a plethora of documents on protecting intellectual property from insider theft, along with other insider threats.  The documents include SEI Technical Reports, research, conferences, survey results, and source code (SEI, n.d.g).  One of the technical reports contained within this digital library is the sixth edition of the “Common Sense Guide to Mitigating Insider Threats.”  This guide provides information and recommendations that can assist an organization’s various departments, including IT, Human Resources, Management, Software Engineering, Information Assurance, Physical Security, Data Owners, and Legal.  This guide helps organizations to address and mitigate these threats by creating policies, procedures, and technology to eradicate these threats within the entire organization.  Insider threats are typically influenced by technical, behavioral, and organizational issues.  The guide has details on 21 procedures that organizations should employ to prevent and detect insider threats (Theis et al., 2019). 

CSIRTs can help organizations to react fast and effectively when insider threats and the theft of intellectual property occurs.  CSIRTs can assist organizations with creating, implementing, and improving incident management capabilities.  This helps organizations protect themselves from insider threats and can help limit the scope and damage of these threats.  CSIRTs can provide ways for organizations to evaluate and enhance their capability to manage insider threats.  Evaluating incident management capabilities includes incident management capability metrics, which will provide organizations with a baseline for comparison with their current incident management processes.  Mission risk diagnostics for incident management capabilities is a risk-based approach for evaluating how well the organization’s incident management can accomplish its mission and objectives.  The SEI provides organizations with training on these topics.  There are incident handling courses that are provided to managers, project leaders, CSIRT staff, and computer forensic professionals.  Also provided by the SEI are licensing and training materials that allow organizations to sponsor SEI-authorized insider threat vulnerability assessors to perform CERT insider threat vulnerability assessments (SEI, n.d.a).

Organizations can license SEI materials and become an SEI Partner for Insider Threat.  This resource allows organizations to license the CERT Insider Threat Vulnerability Assessment tool.  It also allows them to sponsor SEI-Authorized Insider Threat Vulnerability Assessors (ITVA) to perform evaluations.  This evaluation helps organizations to identify issues that impact their insider threat risk design, implement tactical countermeasures, and devise a strategic action plan for long-term risk mitigation.  Evaluations conducted by individuals with ITVA credentials will assist organizations with identifying and responding to organizational vulnerabilities using processes based on actual cases and research by the CERT Insider Threat Center.  Evaluations conducted by individuals with the Insider Threat Program Evaluator (ITPE) credential can help organizations understand how effective their current insider threat program is by using the CERT Insider Threat Program Evaluation methodology (SEI, n.d.d).

SEI offers courses, workshops, and seminars on Insider Threats, along with many other topics.  The courses are taught by industry experts and include hands-on tasks and real-world situations.  SEI assists organizations with professional and workforce development.  Courses can be taken online, in SEI’s classroom, or at the organization’s location.  SEI courses provide organizations with the tools to create and maintain software and systems.  They assist organizations with becoming efficient, secure, and reliable.  Some of the courses on Insider Threats include “Assessing Information Security Risk Using the OCTAVE Approach,” “Building an Insider Threat Program,” “Insider Threat Analyst,” “Insider Threat Awareness Training,” “Insider Threat Overview: Preventing, Detecting and Responding to Insider Threats,” “Insider Threat Program Evaluator,” “Insider Threat Program Evaluator (ITPE) Certificate Package,” and “Insider Threat Program Evaluator Certificate Examination” (SEI, n.d.b). 

The SEI has a Workforce Development program that helps organizations find ways to transfer knowledge and skills to their cyber workforce, such as how to combat insider threats.  The STEPfwd Learning Management System will train employees to identify, resist, and recover from attacks on networks, systems, and insider threats.  There is also the STEP (Simulation, Training, and Exercise Platform) program, which allows employees to go inside an environment where they can identify and practice real scenarios.  STEPfwd will combine asynchronous classroom-style instruction and synchronous exercises to develop an organization’s employees' capabilities in information assurance, incident response, computer forensics, insider threat, software security, and other information security topics.  The SEI can provide a Cyber Workforce Assessment and Evaluation.  This evaluation will assist organizations with filling in any gaps in essential competencies for their employees.  The organization’s cyber workforce will be evaluated with accurate, objective, and scalable methods and technologies.  When the organization’s competency gaps have been found, SEI will create a targeted plan to address them using expert content and curricula that meet the organization’s workforce development needs (SEI, n.d.i). 

The SEI publishes several blogs.  One of the blogs is called “Insider Threat Blog.”  This blog regularly publishes articles on “Real-World Work Combating Insider Threats.”  It provides current information on insider threats.  It also provides the contact information for each article’s author so that organizations can ask questions or obtain additional information.  Some of the most recent blog posts include “Maturing Your Insider Threat Program into an Insider Risk Management Program,” “Insider Threat Incident Analysis: Court Outcome Observations,” and “Improving Insider Threat Detection Methods Through Software Engineering Principles” (SEI, n.d.c). 

SEI offers a variety of software and tools for organizations to use.  Software, tools, and documents can be accessed and downloaded.  Organizations can use SEI’s technology and management techniques to improve their software projects, their software systems’ quality and behavior, and the security and survivability of their networked systems.  Two examples of software and tools for insider threats include “Controls Systems Code Samples Download” and the “Insider Threat Test Dataset.”  The “Controls Systems Code Samples” assist organizations with protecting text-based intellectual property, including source code repositories.  The “Insider Threat Test Dataset” is a collection of synthetic insider threat test datasets that provide background and malicious actor synthetic data (SEI, n.d.f). 

SEI offers webinars on insider threats.  The webinars allow organizations to remain informed on the latest research and solutions to insider threats.  Some of the most recent insider threat webinars included “Insider Threats: Your Questions. Our Answers.,” “How to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate,” and “Panel Discussion: Managing the Insider Threat: What Every Organization Should Know” (SEI, n.d.h).  

SEI offers podcasts on insider threats.  The podcasts allow organizations to hear conversations about insider threats.  Some of the most recent insider threat podcasts included “Defending Your Organization Against Business Email Compromise,” “Workplace Violence and Insider Threat,” “5 Best Practices for Preventing and Responding to Insider Threat,” “Positive Incentives for Reducing Insider Threat,” and “Mitigating Insider Threat - New and Improved Practices Fourth Edition” (SEI, n.d.e). 

The CERT Division has many additional resources for learning about insider threats, along with many other information security topics.  CERT’s various resources are very informative.  They also offer many ways to learn and obtain information through articles, research, news and events, education and outreach, webinars, podcasts, blogs, articles, SEI classroom learning, online learning, onsite training, and much more.  CERT has programs and materials for any learning style and need. 

References

 

SEI. (n.d.a). Computer Security Incident Response Teams. Retrieved from Software Engineering

Institute (SEI), Carnegie Mellon University:

https://www.sei.cmu.edu/education-outreach/computer-security-incident-response-teams/index.cfm 

 

SEI. (n.d.b). Courses. Retrieved from Software Engineering Institute (SEI), Carnegie Mellon

University: https://www.sei.cmu.edu/education-outreach/courses/index.cfm

 

SEI. (n.d.c). Insider Threat Blog. Retrieved from Software Engineering Institute (SEI), Carnegie

Mellon University: https://insights.sei.cmu.edu/insider-threat/

 

SEI. (n.d.d). Insider Threat Partner Opportunity: Become an SEI Partner for Insider Threat. Retrieved

           from Software Engineering Institute (SEI), Carnegie Mellon University:

https://www.sei.cmu.edu/education-outreach/license-sei-materials/insider-threat-partner-opportunity/index.cfm 

 

SEI. (n.d.e). Podcast Series. Retrieved from Software Engineering Institute (SEI), Carnegie Mellon

University: https://www.sei.cmu.edu/publications/podcasts/index.cfm

 

SEI. (n.d.f). Software and Tools. Retrieved from Software Engineering Institute (SEI), Carnegie

Mellon University: https://www.sei.cmu.edu/publications/software-tools/index.cfm

 

SEI. (n.d.g). Technical Papers. Retrieved from Software Engineering Institute (SEI), Carnegie Mellon

University: https://www.sei.cmu.edu/publications/technical-papers/index.cfm

 

SEI. (n.d.h). Webinar Series. Retrieved from Software Engineering Institute (SEI), Carnegie Mellon

University: https://www.sei.cmu.edu/publications/webinars/index.cfm

 

SEI. (n.d.i). Workforce Development. Retrieved from Software Engineering Institute (SEI), Carnegie

Mellon University:

https://www.sei.cmu.edu/education-outreach/workforce-development/index.cfm

 

Theis, M.C., Trzeciak, R.F., Costa, D.L., Moore, A.P., Miller, S., Cassidy, T., & Claycomb, W.R.

(2019). Common Sense Guide to Mitigating Insider Threats, 6th ed (CMU/SEI-2018-TR-010).

Retrieved February 16, 2020, from the Software Engineering Institute, Carnegie Mellon

University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540644

 

How do you rate this article?

0


shellatreille
shellatreille

Artist, Photographer, Writer, Creative Innovator, Website / Graphic Designer, & Human Resources Manager in Orem, Utah. I enjoy learning new things, traveling to historic, paranormal, & abandoned places, rock hounding, museums, technology, & the abstract.


returnsyourgazeart
returnsyourgazeart

This blog will showcase my photography, art, short stories, poetry, and recipes. It will be abstract and colorful. My website: www.ReturnsYourGazeArt.com and www.shellatreille.com

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.