Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data
• Technical Note
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2011-TN-003Subjects
Abstract
The insider threat continues to be one of the prime issues facing government entities and organizations across critical infrastructure sectors. Extensive catalogues of case material from actual insider events have been used by CERT, part of Carnegie Mellon University's Software Engineering Institute, to create socio-technical models of insider crime to help educate organizations on the risk of insider crime. Building upon this work, this paper seeks to demonstrate how a useful method for extracting technical information from previous insider crimes and mapping it to previous modeling work can create informed candidate technical controls and indicators. This paper also shows current examples of case material and candidate indicators that have been successfully converted into well-received insider threat training modules.
Cite This Technical Note
Hanley, M. (2011, January 1). Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data. (Technical Note CMU/SEI-2011-TN-003). Retrieved April 23, 2024, from https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/.
@techreport{hanley_2011,
author={Hanley, Michael},
title={Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data},
month={Jan},
year={2011},
number={CMU/SEI-2011-TN-003},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/},
note={Accessed: 2024-Apr-23}
}
Hanley, Michael. "Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data." (CMU/SEI-2011-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, January 1, 2011. https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/.
M. Hanley, "Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2011-TN-003, 1-Jan-2011 [Online]. Available: https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/. [Accessed: 23-Apr-2024].
Hanley, Michael. "Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data." (Technical Note CMU/SEI-2011-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Jan. 2011. https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/. Accessed 23 Apr. 2024.
Hanley, Michael. Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data. CMU/SEI-2011-TN-003. Software Engineering Institute. 2011. https://insights.sei.cmu.edu/library/deriving-candidate-technical-controls-and-indicators-of-insider-attack-from-socio-technical-models-and-data/