A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders

Abstract

A research project at the CERT Program is identifying enterprise architectural patterns to protect against the insider threat to organizations. This report presents an example of such a pattern - Increased Monitoring for Intellectual Property (IP) Theft by Departing Insiders - to help organizations plan, prepare, and implement a means to mitigate the risk of insider theft of IP. Our case data shows that many insiders who stole IP did so within 30 days of their termination. Based on this insight, this pattern helps reduce that risk through increased monitoring of departing insiders during their last 30 days of employment. The increased monitoring suggested by the pattern is above and beyond what might be required for a baseline organizational detection of potentially malicious insider actions. Future work will include development of a library of enterprise architectural patterns for mitigating the insider threat based on the data we have collected. Our goal is for organizational resilience to insider threat to emerge from repeated application of patterns from the library.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2012
Accession Number
ADA585504

Entities

People

  • Andrew P. Moore
  • David Mundie
  • Michael Hanley

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Computer Programs
  • Computer Science
  • Crime
  • Cybersecurity
  • Detection
  • Employment
  • Engineering
  • Information Systems
  • Insider Threats
  • Intellectual Property
  • Law
  • Monitoring
  • Personnel Management
  • Security
  • Software Design
  • Software Development
  • United States

Readers

  • Aviation Safety and Air Traffic Management
  • Cybersecurity.
  • Systems Analysis and Design