Accession Number:

ADA609903

Title:

Spotlight On: Insider Threat from Trusted Business Partners. Version 2: Updated and Revised

Descriptive Note:

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2012-10-01

Pagination or Media Count:

19.0

Abstract:

This article is the sixth in the series Spotlight On, published by the CERT Insider Threat Center at Carnegie Mellon University s Software Engineering Institute and funded by CyLab. Each article focuses on a specific area of concern and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about the CERT Program s insider threat work, see httpwww.cert.orginsiderthreat. This article focuses on cases in which the malicious insider was employed by a trusted business partner of the victim organization. We first define the concept of trusted business partner TBP and then describe case scenarios in which a TBP has become an insider threat. These case scenarios concentrate on presenting the who, what, why, and how of the illicit activity. Finally, we provide recommendations that may be useful in countering these threats.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE