The Book on Insider Threats

Authors Discuss Key Trends for CISOs in 2012
The book gives information security leaders tips for identifying insiders who can cause damage to information systems and data, along with guidelines on protecting their organizations from such individuals.

Cappelli and Trzeciak are both leaders with the CERT Program at Carnegie Mellon University's Software Engineering Institute, and this new book represents the culmination of a decade's work on the insider threat.

"What we hope to accomplish with this book is to allow us to reach a wider audience and to create one place where practitioners can find actual guidance to address the insider threats to their organizations," Trzeciak says. "Also, this book was written for a broad audience, consistent with our message that we believe that the most effective way to address insider threats is not solely by technical controls alone ... it needs to be enterprise-wide."

Case studies are the core of the authors' research, and Cappelli says they reflect the evolution of insider crimes. "What we find is: The technical methods change. People no longer use CDs or discs so much as using USB drives ... but the basic patterns in the cases don't change."

In the book, co-authored with Andrew Moore, the researchers address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers and even cloud computing vendors.

In an exclusive interview about their new book and the insider threat, Cappelli and Trzeciak discuss:

  • The evolution of the insider threat;
  • Key trends to watch in 2012;
  • Advice on how organizations can protect themselves.

Insider threat is also the topic of an RSA Conference presentation by Cappelli, "The CERT Top 10 List for Winning the Battle Against Insider Threats," which will be held Weds., Feb. 29, at 10:40 a.m. in Room 304 of the Moscone Center.

Cappelli, CISSP, is Technical Manager of the Insider Threat Center and the Enterprise Threat and Vulnerability Management team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. Her team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Her team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. Dawn has 30 years of experience in software engineering, including programming, technical project management, information security, and research. She is often an invited speaker at national and international venues, is an adjunct professor in Carnegie Mellon's Heinz College of Public Policy and Management and is currently Vice-Chair for the CERT Computer Security Incident Handler Certification Advisory Board.

Trzeciak is currently a senior member of the technical staff at CERT. He is the technical team lead of the Insider Threat Research team, a team focusing on insider threat research; threat analysis and modeling; assessments; and training. Randy has over 20 years of experience in software engineering; database design, development, and maintenance; project management; and information security. Before joining Carnegie Mellon University, Randy worked for Software Technology Incorporated, in Alexandria, VA, as a consultant to the Naval Research Laboratory (NRL). He is also an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.
