Spotlight On: Insider Threat from Trusted Business Partners. Version 2: Updated and Revised

Abstract

This article is the sixth in the series Spotlight On, published by the CERT Insider Threat Center at Carnegie Mellon University s Software Engineering Institute and funded by CyLab. Each article focuses on a specific area of concern and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about the CERT Program s insider threat work, see http://www.cert.org/insider_threat/. This article focuses on cases in which the malicious insider was employed by a trusted business partner of the victim organization. We first define the concept of trusted business partner (TBP) and then describe case scenarios in which a TBP has become an insider threat. These case scenarios concentrate on presenting the who, what, why, and how of the illicit activity. Finally, we provide recommendations that may be useful in countering these threats.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2012
Accession Number
ADA609903

Entities

People

  • Andrew P. Moore
  • Dawn M. Cappelli
  • Derrick Spooner
  • Randall F. Trzeciak
  • Robert M. Weiland
  • Todd Lewellen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Commerce
  • Computer Programs
  • Computers
  • Contractors
  • Contracts
  • Crime
  • Employment
  • Engineering
  • Governments
  • Insider Threats
  • Intellectual Property
  • Money
  • Personnel Management
  • Sabotage
  • Security
  • Software Development
  • Threats

Readers

  • Business Analytics
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Software Engineering.