Detecting and Identifying Insider Threats
Successful insider threat programs proactively use a mitigation approach of detect and identify, assess, and manage to protect their organization. The foundation of the program’s success is the detection and identification of observable, concerning behaviors or activities.
Threat detection and identification is the process by which persons who might present an insider threat risk due to their observable, concerning behaviors come to the attention of an organization or insider threat team. Detecting and identifying potential insider threats requires both human and technological elements. An organization’s own personnel are an invaluable resource to observe behaviors of concern.
While virtually every person will experience stressful events, most do so without resorting to disruptive or destructive acts. For those insiders that turn to malicious activity, researchers have found that the acts are rarely spontaneous; instead, they are usually the result of a deliberate decision to act.
Resources
- CISA Insider Threat Mitigation Guide
- The Interagency Security Committee’s Violence in the Federal Workplace: A Guide for Prevention and Response provides guidance on how agencies can develop a workplace violence program capable of preparing for, preventing, and responding to incidents of workplace violence.
- Carnegie Mellon University Engineering Institute’s technical report An Insider Threat Indicator Ontology provides an ontology for insider threat indicators, describes how the ontology was developed, and outlines the process by which it was validated.
- The FBI's Making Prevention a Reality: Identifying, Assessing, and Managing the Threat of Targeted Attacks is a practical guide on assessing and managing the threat of targeted violence.
- The NATO Cooperative Cyber Defense Center of Excellence Insider Threat Detection Study focuses on the threat to information security posed by insiders.
- The USSS’s National Threat Assessment Center provides analyses of Mass Attacks in Public Spaces that identify stressors that may motivate perpetrators to commit an attack.