Information Security Education Journal Volume 2 Number 1 June 2015
35
intellectual property, destruction
and misuse of assets, or stolen valuable information that can undermine the attacked
organizations and/or individuals. The way to identify and prevent insider threat attacks is to educate employees in any
organization. The Computer Emergency Readiness Team (CERT) Insider Threat Center is a division of Carnegie Mellon University’s
Software Engineering Institute. They explain that policy enforcement and periodic security training for
all employees will greatly
reduce insider threat attacks in most organizations. The Intelligence and National Security Alliance (INSA) Cyber Council is a
group of executives from the public, private and academic sectors with expertise in cyber security with
the mission of improving
cyber security policies and practices in the public and private sector. According to INSA, as of September 2013, no standard
training program exists that can be used as a valid framework in the private sector to deal effectively with this kind of threat
(Cappos et al., 2014,Greitzer
et al., 2013
).
Insider threats are causing serious damages to governmental organizations and also to private companies.
Researchers at CERT
Insider Threat Center have developed Enterprise Architecture Patterns that cover people, processes,
technology and facilities
(CERT, n.d.).. These four elements have to be considered in order to protect and prevent against insiders.Insider threat attacks
are disastrous to organizations and there is a vital need to control and mitigate them. Mitigating damages can be successful
through use of an effective training module. Training modules designed through CyberCIEGE (Cone