
MERIT ITL: The Insider Threat Lab

Researchers: Andrew Moore, Randall Trzeciak, Dawn Cappelli

Cross Cutting Thrusts: Business Risk Analysis and Economic Implications | Threat Analysis and Modeling | Next Generation Threat Prediction and Response

Abstract

Scope: The Lab will be built using CERT's XNET tools. This will enable us to use virtualization to construct medium-sized networks at minimal cost and to use state-of-the-art tools for simulation and monitoring. The Lab can be used for multiple purposes, including establishing requirements for insider threat tools, developing standardized test suites for insider threat assessment, developing a test bed for insider attacks, running insider threat cyber defense exercises, and evaluating security technologies with respect to their usefulness in insider threat environments.

Outcomes: Produce empirically based requirements for insider threat detection tools, enabling organizations to better safeguard their critical infrastructures. Deliverables include assisting DoD, CyLab Partners and other organizations in mapping their specific insider threat concerns to the types of security technologies currently available or being developed; and enabling CyLab researchers, CyLab partners, and others to confirm the practicality of existing tool functionality, set strategic direction for future development, and form strategic partnerships.

See also: Insider Threat Analysis Center