Andrew Moore

Senior Member, CERT Technical Staff

Research Areas

Survivable Distributed Systems

Cross Cutting Thrusts

Business Risk Analysis and Economic Implications, Next Generation Threat Prediction and Response, Threat Analysis and Modeling

Biography

Andrew P. Moore is a senior member of the CERT technical staff. Moore explores ways to improve the security, survivability, and resiliency of enterprise systems through insider threat and defense modeling, incident processing and analysis, and architecture engineering and analysis.

Education

BA, College of Wooster, 1984
MA, Duke University, 1986

Professional Background

Before joining the SEI in 2000, he worked for the Naval Research Laboratory (NRL) investigating high-assurance system development methods for the Navy. He has over twenty years of experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the military.

While at the NRL, Moore served as a member of the U.S. Defense Science and Technology review (Information Technology TARA) panel on Information Assurance; the International Technical Cooperation Program, Joint Systems and Analysis Group on Safety-Critical Systems (TTCP JSA-AG-4); and the Assurance Working Group of DARPA’s Information Assurance Program. He has served as principal investigator on numerous projects sponsored by NSA and DARPA. He has also served on numerous computer assurance and security conference program committees and working groups. Moore has published two book chapters and a wide variety of technical journal and conference papers. His research interests include computer and network attack modeling and analysis, IT management control analysis, survivable systems engineering, formal assurance techniques, and security risk management.

Research Projects

Empirically-Based Insider Threat Risk Assessment Diagnostic

Cross Cutting Thrusts: Threat Analysis and Modeling | Next Generation Threat Prediction and Response
Researchers: Andrew Moore, Dawn Cappelli

Exploratory R&D of a Technology-Driven Insider Threat Scoring Metric

Cross Cutting Thrusts: Next Generation Threat Prediction and Response | Threat Analysis and Modeling
Researchers: Andrew Moore, Randall Trzeciak

MERIT ITL: The Insider Threat Lab

Cross Cutting Thrusts: Business Risk Analysis and Economic Implications | Threat Analysis and Modeling | Next Generation Threat Prediction and Response
Researchers: Andrew Moore, Randall Trzeciak, Dawn Cappelli

Basis for Empowering Business IT Managers

Cross Cutting Thrusts: Threat Analysis and Modeling | Business Risk Analysis and Economic Implications
Researchers: Andrew Moore, Randall Trzeciak, Dawn Cappelli

Insider Threat Analysis Center

Cross Cutting Thrusts: Threat Analysis and Modeling | Next Generation Threat Prediction and Response
Researchers: Andrew Moore, Randall Trzeciak, Dawn Cappelli

Analyzing the Threat Dynamics of Complex Networked Systems

Research Area: Survivable Distributed Systems
Cross Cutting Thrusts: Threat Analysis and Modeling
Researchers: Andrew Moore, Timothy Shimeall

Management & Education of Risks of Insider Threat (MERIT)

Researchers: Andrew Moore, Dawn Cappelli

Publications

"A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders". Moore, A.P., Hanley, M., and Mundie, D. 2012. In Proc. 18th Conference on Pattern Languages of Programs (PLoP). PLoP'11, October 21-23 2011, ACM Press ACM 978-1-4503-1283-7, 2012. www.hillside.net/plop/2011/papers/D-6-Moore.pdf

"A Pattern for Trust Trap Mitigation". Mundie, D. and A.P. Moore. 2012. In Proc. 18th Conference on Pattern Languages of Programs (PLoP). PLoP'11, October 21-23 2011, ACM Press ACM 978-1-4503-1283-7, 2012. http://www.hillside.net/plop/2011/papers/D-23-Mundie.doc

"The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)". D.M. Cappelli, Moore, A.P., R.F. Trzeciak. Addison-Wesley, 2012.

"A Preliminary Model of Insider Theft of Intellectual Property". Moore, A. P., Cappelli, D. M., Caron, T.C., Shaw, E., Spooner, D. & Trzeciak, R. F. (2011). Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications, Special Issue Addressing Insider Threats and Information Leakage, 2011. http://www.isyou.info/jowua/papers/jowua-v2n1-2.pdf

"Goal-Based Assessment for the Cybersecurity of Critical Infrastructure". Merrell, S., Moore, A. P., Stevens, J., In Proc. of the 2010 IEEE International Conference on Technologies for Homeland Security, Waltham, MA, 8-10 November 2010.