Accession Number:



Common Sense Guide to Mitigating Insider Threats, Sixth Edition

Descriptive Note:

Technical Report

Corporate Author:

Carnegie Mellon University Software Engineering Institute Pittsburgh United States

Personal Author(s):

Report Date:


Pagination or Media Count:



This sixth edition of the Common Sense Guide to Mitigating Insider Threats provides the CERT National Insider Threat Center's most current recommendations from the CERT® Program, part of Carnegie Mellon University's Software Engineering Institute. These recommendations are based on our continued research and analysis of an expanded corpus of over 1,500 cases of insider threat. The problem of insider threat impacts organizations across all industries. Though the attack methods vary depending on the industry, the primary types of attacks we have identified (theft of intellectual property, sabotage, fraud, espionage, and unintentional incidents) continue to hold true. This edition of the Common Sense Guide also considers workplace violence incidents as these types of threats have been fully incorporated into insider threat programs across the U.S. government, Department of Defense, and most of industry. The definition of insider threat has changed since the fifth edition and is now defined as the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization. This definition has been updated to include both intentional and unintentional insider threats as well as workplace violence.

Subject Categories:

  • Personnel Management and Labor Relations

Distribution Statement: