Dawn M. Cappelli
Software Engineering Institute
Publication
Featured research published by Dawn M. Cappelli.
Insider Attack and Cyber Security | 2008
Andrew P. Moore; Dawn M. Cappelli; Randall F. Trzeciak
A study conducted by the U.S. Secret Service and the Carnegie Mellon University Software Engineering Institute CERT Program analyzed 150 insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work by CERT involved detailed group modeling and analysis of 54 cases of insider IT sabotage out of the 150 total cases. Insider IT sabotage includes incidents in which the insider’s primary goal was to sabotage some aspect of the organization or direct specific harm toward an individual. This paper describes seven general observations about insider IT sabotage based on our empirical data and study findings. We describe a System Dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended consequences of organizational policies, practices, technology, and culture on insider behavior. We describe the structure of an education and awareness workshop on insider IT sabotage that incorporates the previously mentioned artifacts as well as an interactive instructional case.
IEEE Symposium on Security and Privacy | 2008
Frank L. Greitzer; Andrew P. Moore; Dawn M. Cappelli; Dee H. Andrews; Lynn A. Carroll; Thomas D. Hull
The penetration of US national security by foreign agents as well as American citizens is a historical and current reality that's a persistent and increasing phenomenon. Surveys, such as the e-crime watch survey, reveal that current or former employees and contractors are the second greatest cybersecurity threat, exceeded only by hackers, and that the number of security incidents has increased geometrically in recent years. The insider threat is manifested when human behavior departs from compliance with established policies, regardless of whether it results from malice or a disregard for security policies. In this article, we focus on the need for effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.
Proceedings of the 2010 ACM workshop on Insider threats | 2010
Dawn M. Cappelli
1. Understanding the Complexity of Insider Threat
According to research by the CERT Program (CERT) in the Software Engineering Institute at Carnegie Mellon University, approximately half of all organizations experience at least one electronic crime perpetrated by an insider each year. These crimes include theft, sabotage, fraud, and espionage. CERT began researching this problem in 2001. It has compiled a database of more than 500 criminal cases in which current or former employees, contractors, or business partners abused the trust and access associated with their positions. As part of its research, CERT interviewed many victim organizations. It also interviewed some perpetrators themselves, complementing a wealth of case data with first-hand insights into the methods and motivations behind these crimes.
Archive | 2005
Marisa Reddy Randazzo; Michelle Keeney; Eileen Kowalski; Dawn M. Cappelli; Andrew P. Moore
Archive | 2005
Michelle Keeney; Eileen Kowalski; Dawn M. Cappelli; Andrew P. Moore; Timothy J. Shimeall; Stephanie Rogers
Archive | 2012
Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
Archive | 2006
Stephen R. Band; Dawn M. Cappelli; Lynn F. Fischer; Andrew P. Moore; Eric D. Shaw; Randall F. Trzeciak
Archive | 2008
Eileen Kowalski; Tara Conway; Susan Keverline; Megan Williams; Dawn M. Cappelli; Bradford J. Willke; Andrew P. Moore
Archive | 2008
Eileen Kowalski; Dawn M. Cappelli; Andrew P. Moore
JoWUA | 2011
Andrew P. Moore; Dawn M. Cappelli; Thomas C. Caron; Eric D. Shaw; Derrick Spooner; Randall F. Trzeciak