The insider threat: It's a top challenge for any organization, and it's a hot topic for RSA Conference attendees. Dawn Cappelli and Randy Trzeciak preview their new book, The CERT Guide to Insider Threats.
Cappelli and Trzeciak are both leaders with the CERT Program at Carnegie Mellon University's Software Engineering Institute, and this new book represents the culmination of a decade's work on the insider threat.
"What we hope to accomplish with this book is to allow us to reach a wider audience and to create one place where practitioners can find actual guidance to address the insider threats to their organizations," Trzeciak says. "Also, this book was written for a broad audience, consistent with our message that we believe that the most effective way to address insider threats is not solely by technical controls alone ... it needs to be enterprise-wide."
Case studies are the core of the authors' research, and Cappelli says they reflect the evolution of insider crimes. "What we find is: The technical methods change. People no longer use CDs or discs so much as using USB drives ... but the basic patterns in the cases don't change."
In the book, co-authored with Andrew Moore, the researchers address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers and even cloud computing vendors.
In an exclusive interview about their new book and the insider threat, Cappelli and Trzeciak discuss:
- The evolution of the insider threat;
- Key trends to watch in 2012;
- Advice on how organizations can protect themselves.
Insider threat is also the topic of an RSA Conference presentation by Cappelli, "The CERT Top 10 List for Winning the Battle Against Insider Threats," which will be held Weds., Feb. 29, at 10:40 a.m. in Room 304 of the Moscone Center.
Cappelli, CISSP, is Technical Manager of the Insider Threat Center and the Enterprise Threat and Vulnerability Management team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. Her team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Her team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. Dawn has 30 years of experience in software engineering, including programming, technical project management, information security, and research. She is often an invited speaker at national and international venues, is an adjunct professor in Carnegie Mellon's Heinz College of Public Policy and Management and is currently Vice-Chair for the CERT Computer Security Incident Handler Certification Advisory Board.
Trzeciak is currently a senior member of the technical staff at CERT. He is the technical team lead of the Insider Threat Research team, a team focusing on insider threat research; threat analysis and modeling; assessments; and training. Randy has over 20 years of experience in software engineering; database design, development, and maintenance; project management; and information security. Before joining Carnegie Mellon University, Randy worked for Software Technology Incorporated, in Alexandria, VA, as a consultant to the Naval Research Laboratory (NRL). He also is an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.