Using centralized logging to mitigate Insider Threat

The CERT Insider Threat Center, part of Carnegie Mellon University’s Software Engineering Institute, maintains a database of more than 600 insider threat cases.

Organizations must carefully consider employee communications during the time frame immediately preceding termination. Many insiders have stolen information within the 30 days prior to departure. Many of these thefts occurred via corporate email servers. A well-constructed rule set could be placed on a centralized logging application to identify suspicious mail traffic originating from soon-to-be-departing employees.
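One way to express such a rule, as an added example that is not from the original post or the CERT report: it flags mail from a user on an HR departure list, sent to an external domain with attachments or a large body, within the 30 days before their last day. The key=value log format, the domain names, the size threshold and the HR feed are all constructed assumptions.

```python
from datetime import date, datetime, timedelta

CORP_DOMAIN = "example.com"      # assumed corporate mail domain
WINDOW = timedelta(days=30)      # the 30-day pre-departure window from the text
SIZE_THRESHOLD = 1_000_000       # assumed: treat messages of ~1 MB or more as bulky

# Constructed HR feed: mailbox name -> last working day
DEPARTURES = {"alice": date(2024, 3, 29), "bob": date(2024, 6, 28)}

# Constructed mail-gateway log lines in an assumed key=value format
SAMPLE_LOG = """\
ts=2024-03-04T09:12:00 from=alice@example.com to=carol@example.com size=2400000 attach=2
ts=2024-03-11T22:47:00 from=alice@example.com to=alice.home@mail.test size=8400000 attach=5
ts=2024-03-12T10:02:00 from=bob@example.com to=partner@vendor.test size=5200000 attach=1
ts=2024-03-15T08:30:00 from=alice@example.com to=friend@mail.test size=1800 attach=0
ts=2024-01-10T14:00:00 from=alice@example.com to=alice.home@mail.test size=9000000 attach=3
"""

def parse_line(line):
    """Split one key=value log line into a dict with typed fields."""
    rec = dict(kv.split("=", 1) for kv in line.split())
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["size"] = int(rec["size"])
    rec["attach"] = int(rec["attach"])
    return rec

def is_suspicious(rec, departures=DEPARTURES):
    """Rule: departing sender, inside the window, external recipient, bulky mail."""
    user, _, sender_domain = rec["from"].lower().partition("@")
    last_day = departures.get(user)
    if sender_domain != CORP_DOMAIN or last_day is None:
        return False
    in_window = last_day - WINDOW <= rec["ts"].date() <= last_day
    external = rec["to"].rpartition("@")[2].lower() != CORP_DOMAIN
    bulky = rec["attach"] > 0 or rec["size"] >= SIZE_THRESHOLD
    return in_window and external and bulky

def scan(log_text):
    """Return the parsed records that match the rule."""
    records = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in records if is_suspicious(r)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"ALERT {hit['ts']} {hit['from']} -> {hit['to']} "
              f"({hit['size']} bytes, {hit['attach']} attachments)")
```

Only the second sample line matches: the others are internal mail, outside the sender's 30-day window, or carry no attachment and little data.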

Read the full report here – http://resources.sei.cmu.edu/asset_files/TechnicalNote/2011_004_001_15368.pdf
