For more than a decade, Carnegie Mellon University's CERT Insider Threat Center has studied and mapped the various risks of fraud, sabotage and theft of intellectual property. But the landscape is changing, and the latest research offers new insights on managers who commit fraud, as well as innocent employees who are exploited by external agents.
In this video interview, Dawn Cappelli and Randy Trzeciak of the Insider Threat Center discuss:
- Who typically commits insider crimes - and how;
- How employees are being victimized from outside;
- Why our critical infrastructure is at heightened risk.
Cappelli, CISSP, is Technical Manager of the Insider Threat Center and the Enterprise Threat and Vulnerability Management team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. Her team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity.
Trzeciak is currently a senior member of the technical staff at CERT. He is the technical team lead of the Insider Threat Research team; a team focusing on insider threat research; threat analysis and modeling; assessments; and training. Trzeciak has over 20 years experience in software engineering; database design, development, and maintenance; project management; and information security.