Empirically-Based Insider Threat Risk Assessment Diagnostic

Researchers: Andrew Moore, Dawn Cappelli

Cross Cutting Thrusts: Threat Analysis and Modeling | Next Generation Threat Prediction and Response


The objective of this project is to build a comprehensive diagnostic instrument, empirically based on all of our prior insider threat research, that organizations can use to self-assess their insider threat risk, with the ultimate goal of improving the resiliency and survivability of the organization. The insider threat assessment diagnostic will enable organizations to gain a better understanding of current insider threat activity and an enhanced ability to assess and manage associated risks. It will merge technical, organizational, personnel, and business security and process issues into a single, actionable framework. As in our past projects, our project team includes psychological and technical expertise. The instrument will be structured to encompass all stakeholders in the fight against insider threat: management, information technology, human resources, and physical security.

We will build a pilot instrument based on over 200 insider threat cases in the CERT case library, and will continue to expand our library with recent cases for inclusion in this research. We welcome collaboration with external organizations on this project. Collaboration opportunities range from review of the instrument to confidential sharing of insider case and/or best practice information for inclusion in the instrument. In return for participation, we will offer those organizations opportunities to pilot the insider threat risk assessment diagnostic. Following each pilot, we will provide them with a confidential report on the findings of the pilot, and suggestions for their improvement. As with all of our insider threat research, all collaborations will remain confidential and no references will ever be made to any organizations and/or individuals.

CERT Insider Threat Assessment

The new CERT Insider Threat Risk Assessment is positioned to help you better safeguard your critical infrastructure. The CERT project team will travel to your site to conduct an on-site assessment. The assessment will be conducted over a 3-day period and will consist of interviews with key organizational personnel. Following the on-site portion of the assessment, CERT will provide you with a confidential report on the findings of the assessment and considerations for potential mitigation strategies. Two assessments have already been completed and three more have been funded.