Insider Threat Activity

Overview

The goal of this activity is to learn some useful stories about insider threat by examining historical case studies.

Setup

This activity is for groups of N/5 people, where N is the number of students in the class. Groups will be assigned by the instructor. Create a presentation in GoogleDocs and share it with the course instructor.

Activity

The CERT organization studies real-life insider threat incidents and publishes a common sense guide to detecting and mitigation insider threats. Here is the most recent 2019 version. Additionally, CERT publishes reports about insider threats in various industry sectors. These reports contain case studies that you will be examining:

• Banking and Finance
• Critical Infrastructure
• Information Technology and Telecommunications
• Government
• Association with Organized Crime
• Trusted Business Partners

As a group, review the report and discuss the findings/individual case studies.

Prepare an informal, 6-8 minute, 2-3 slide presentation on your sector. One person may present, or multiple people – your choice. Here are some ideas:

• Discuss specific incidents. Tell an interesting story you read.
• Provide insteresting statistics from the report.
• What are the motivations of the insiders in this domain?
• How technically sophisticated were the attacks?

Submission & Grading

Share your Google Presentation with the instructor. If we have time, you may be (randomly) selected to present next class. You will not be graded on this assignment, only your participation is required.