The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

by Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak

Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.


The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.


This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.


With this book, you will find out how to

  • Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
  • Recognize insider threats throughout the software development life cycle
  • Use advanced threat controls to resist attacks by both technical and nontechnical insiders
  • Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
  • Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground

By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.

Editorial Reviews

From the Publisher

“For years, researchers at the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute have been collecting and studying data on real-world insider incidents. This year, they published a book cataloging the results of their research, called The CERT Guide to Insider Threats. This book is an invaluable guide to establishing effective processes for managing the risk of insider attacks, and it should be on every security professional’s wish list this year. In general, the insider threat drives home the point that perimeter defenses are no longer enough. IT organizations also need to be able to see into their internal networks to identify suspicious activity.”

-- Tom Cross, Director of Security Research at Lancope, guest writing for Forbes CIO Central

Product Details

Pearson Education
SEI Series in Software Engineering
Publication date:
Sold by: Barnes & Noble
File size: 8 MB

Meet the Author

Dawn Cappelli, CISSP, is Technical Manager of the CERT Insider Threat Center and the Enterprise Threat and Vulnerability Management Team at Carnegie Mellon University’s Software Engineering Institute (SEI). She has spent the past decade working with organizations such as the U.S. Secret Service and Department of Homeland Security in protecting the United States against insider threats. Andrew Moore is Lead Researcher in the CERT Insider Threat Center and Senior Member of Technical Staff at SEI. Randall Trzeciak is a Senior Member of Technical Staff at SEI, and Technical Team Lead for the Insider Threat Research Group at the CERT Insider Threat Center.

Customer Reviews

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) 4.3 out of 5 based on 0 ratings. 3 reviews.
Anonymous More than 1 year ago
SDSUG Book Review I found Cappelli, Moore, and Trzeciak's CERT Guide to Insider Threats to be a fascinating read, even considering my limited knowledge level. I knew I was in for some serious mind-stimulation based solely on the length of the preface and acknowledgments. My favorite part of the book is that it is designed so that every chapter can be self-sustaining, and reading the whole book in order isn’t actually necessary – just read chapter 1 and then you are free to read whatever chapter sounds the neatest…or is the most relevant to your situation. For example, take chapters 1-4. Chapter 1 provides an overview and briefs you on the three types of insider IT threats (as defined by CERT). It also introduces you to the CERT Insider Threat Center and the CERT database. Chapters 2-4 then elaborate on each of the three insider threats introduced in chapter 1, with a chapter dedicated to each threat respectively. One thing to note: this book intentionally chooses to exclude national security espionage. Chapter 5 covers vulnerabilities in software engineering, exposing a company to malicious insiders. 6 and 7 focus on mitigation, while chapter 8 is chock-full of actual examples from the CERT database. Even Chapter 9, which is advertised as a “conclusion”, still has loads of information to present – mostly stuff that didn’t really fit in the other chapters. To top it all off, there are several appendices that are as much must-read material as any of the chapters in this book. Now, it’s probably relevant to my review that I disclose that I am not in the IT industry…yet. Though I am no spring chicken, I have returned to school the last couple years to study this subject and I do hope to find employment in this field very soon. With that being said, having a book like this to help develop my understanding is invaluable.
The layout and design of the book does mean that there are some subjects (even entire chapters) that may not have relevance to everyone, but considering how much of a threat insiders pose (as this book helped me to fully grasp), in my opinion this is a tool more so than a book to read. Granted, I may be quite a ways off from being in a position to implement strategies provided in this book or to even be remotely influential in any kind of threat prevention, but this book does help build a foundation of knowledge that every employee anywhere should have and understand. We’ve all heard the stories of people who try to “stick it to the man”, but what this book really excels at is developing such an awareness of the true threat that insiders pose, that you can’t help but walk away from this book trying to put yourself in the minds of any disgruntled friends/coworkers you may have. Overall I found the book to be well written and easy to follow. The writers of this book clearly want you to take away some very important information, so they even go so far as to include highlighted Tips and Notes sections throughout the book – and not just a few! Pretty much every few pages there’s at least either a note and/or tip to digest. As a current student, I especially appreciated that this book is written similar to a textbook. Clearly, the people at the CERT threat center want their readers to actually LEARN something (many somethings in fact), versus just being entertained. Ultimately, though this book is geared for those already embedded in the industry, it is written as an educational tool, giving it value even to those of us who don’t have a wealth of IT experience. I would absolutely recommend this book! For those just curious about how damaging insider threats can truly be, read chapter 1 and then jump to chapter 8. I guarantee after that, you’ll want to delve further into CERT!
Anonymous More than 1 year ago
Book review for SDSUG - The authors of The CERT Guide to Insider Threats went to great lengths to teach the reader how to spot precursor behaviors and patterns leading up to an attack. This book outlines not only the skills needed to analyze the data coming in, but also what data to look for and the mitigation strategies to stop a threat from doing damage. It is clear the authors have done extensive research into the subject and offer creditable solutions to the problem. I would highly recommend this book to security professionals as well as anyone else interested in the subject.
Anonymous More than 1 year ago
The book, "The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)" is a very interesting and informative read. This book breaks down and categorizes insider threats into three categories which are: 1) Insider IT Sabotage, 2) Insider Theft of Intellectual Property and 3) Insider Fraud. This breakdown simplifies deciding what kinds of insider threats exist for the reader. I think the book's idea of linking particular events listed in human resource records, particularly those of system and network administrators, as automatic triggers for IT Security audits is an excellent idea. This book has thoroughly and successfully presented its theory that a correlation between a system and network administrator's downward slide in their behavior as reflected by their human resources record and their potential as a disgruntled employee that could be a potential insider threat exists. This book's presentation of the many documented cases where disgruntled employees who became insider threats actually carried out attacks categorized into one of the three above-mentioned categories solidly supports this theory. I would really like to suggest automatically activating an IT Security audit of any system and network administrator who appears to be disgruntled as reflected by their human resource records to my company. Such an automatically activated audit would be an excellent way to prevent someone with elevated privileges from carrying out an insider attack. However, the sad reality is, I don't think many companies would dedicate the time & money needed to implement such a program, until this correlation could be accurately quantified in terms of justifying how it would save the company money. Quantifying the value of proactive IT Security is the most difficult thing about justifying its existence.
Perhaps the next step in proving this theory would be to quantify exactly in terms of dollars and cents how much money a company could save by implementing this program. Overall though, I believe this book could be valuable to anyone involved in IT Security. Even if a company chose not to implement an automatic IT Security audit of a network or system administrator who looks like they may be on their way out, the information presented in this book could really help any company recognize the warning signs of someone who is disgruntled, who may be turning into an insider threat that may carry out an IT network.