CSIAC

Cyber Security and Information Systems Information Analysis Center

header-right

Main navigation

/ Insider Threat

Topic: Insider Threat

Insiders may have accounts giving them legitimate access to computer systems, with this access originally having been given to them to serve in the performance of their duties; these permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders, since the insider already has legitimate access to the organization's information and assets.

According to the Center for Development of Security Excellence (CDSE), an insider threat is defined as “the likelihood, risk or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States or the organization.” Insider threats may include harm to contractor or program information to the extent that the information impacts the contractor or agency’s obligations to protect classified national security information.

CSIAC Product

State of the Art Report (SOAR): The Insider Threat to Information Systems

This report is available for a limited time at no cost. You only pay for postage ($6.00 for the first report, $2.00 for each additional).

This Information Assurance Technology Analysis Center (IATAC) State-of-the-Art Report (SOAR) describes the current “state-of-the-art” in the understanding and awareness of, and technical and non-technical countermeasures to the insider threat to information systems. It provides an overview of the current state of the understanding in the defense, civil government, industry, and academic sectors of who “insiders” are, how they operate, what threats they pose to information systems, and what motivates them. For each major sector in government (e.g., national security, civil agencies_, critical infrastructure (e.g., finance and banking energy), other industry (e.g., medical and healthcare, motion picture industry), and academia, the SOAR discusses key insider threat incidents and describes current and recent sector activities, initiatives, and solutions that address various aspects of insider threat. Technology solutions, both current and under research, to counter insider threat activity are examined, and capability gaps are identified. Best practices for addressing insider threat issues are also described.

Read More
Podcast

Insider Threat: Possible Indicators

| Leave a Comment

An insider threat is a malicious threat to an organization that comes from people within the organization. Learn how to spot some possible indicators of an insider threat. Learn some more about possible indicators for an Insider Threat by watching this related video: https://www.csiac.org/podcast/insider-threat/ Read More

Reference Document

Common Sense Guide to Mitigating Insider Threats, Fifth Edition

| Leave a Comment

This fifth edition of the Common Sense Guide to Mitigating Insider Threats provides the CERT Insider Threat Center’s most current recommendations from the CERT Division, part of Carnegie Mellon University’s Software Engineering Institute. These recommendations are based on our continued research and analysis of an expanded corpus of over 1,000 cases of insid Read More

Podcast

Insider Threat

| Leave a Comment

An insider threat is a malicious threat to an organization that comes from people within the organization. Learn how to spot indicators of an insider threat. Learn some more about possible indicators for an Insider Threat by watching this follow-up video: https://www.csiac.org/podcast/insider-threat-possible-indicators/ Read More

Reference Document

An Insider Threat Indicator Ontology

| Leave a Comment

The insider threat community currently lacks a standardized method of expression for indicators of potential malicious insider activity. We believe that communicating potential indicators of malicious insider activity in a consistent and commonly accepted language will allow insider threat programs to implement more effective controls through an increase in Read More

Reference Document

Combating the Insider Threat

| Leave a Comment

An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems. Read More

AFRL Air Force Army Research Laboratory (ARL) Better Buying Power Biometric Cloud Computing Critical Infrastructure Protection (CIP) Cryptography Cyber Legislation Cybersecurity Cybersecurity Metrics Cybersecurity Training Cyber Warfare Dark Web Data Security DISA DoD Acquisition Lifecycle Encryption Enterprise Mission Assurance Support Service (eMASS) Hacking High Performance Computing HIPAA Hybrid Warfare Information Warfare Insider Threat Internet of Things (IoT) Intrusion Detection IT Security Linux Malware Mobile Security Network Security Open Source Software Password Security Phishing Protecting Controlled Unclassified Information (CUI) Quantum Computing Ransomware Risk Management Framework (RMF) Secure Software Simulation Software Cost Software Engineering Vulnerability Wargaming