
I picked this up from Networkworld.com:
After reading the article, I also saw MERIT (Management and Education of the Risk of Insider Threat) mentioned on the CERT website. CERT/CC has published a report called "Commonsense Guide to Prevention and Detection of Insider Threats". The information is based on the analysis of more than 150 known cases of malicious insider activity – how they happened and what could have helped to prevent them. The report also includes trends and patterns in the various malicious activities, which fell into categories including insider IT sabotage, fraud and theft of confidential or proprietary information.
As the report says, “insider threats are influenced by a combination of technical, behavioral, and organizational issues, and must be addressed by policies, procedures, and technologies. Therefore, it is important that management, human resources, information technology, and security staff understand the overall scope of the problem and communicate it to all employees in the organization.”
For more details about the 13 best practices, read the July 2006 report "Commonsense Guide to Prevention and Detection of Insider Threats" published by the Carnegie University CyLab. You can find it on the CERT Web site.
CERT's insider threat modeling, referred to as MERIT (Management and Education of the Risk of Insider Threat), uses empirical data collected by CERT to convey the "big picture" of the insider threat problem.
- The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures (pdf), Technical Report, May 2008
- Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage (pdf)
- The MERIT Project