Definitions

General

An insider threat is

[a] person or group of persons within an organization who pose a potential risk through violating security policies.[1]
[t]he threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.[2]

Information technology

An insider threat is

[a]n entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.[3]

Military

An insider threat is

[a] person, known or suspected, who uses their authorized access to Department of Defense facilities, systems, equipment, information or infrastructure to damage, disrupt operations, commit espionage on behalf of a foreign intelligence entity or support international terrorist organizations.[4]

U.S. federal government

An insider threat

arises when a person with authorized access to U.S. Government resources, to include personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States.[5]

Overview

Insiders of this kind are a principal source of computer crime. One of the most harmful and hardest-to-detect threats to information security is the trusted insider who uses legitimate privileges maliciously to disrupt operations, corrupt data, exfiltrate sensitive information, or compromise IT systems.

Insiders often need little expertise in computer intrusion: their familiarity with the organization's systems, combined with the access they already hold, frequently lets them reach systems and data without defeating any technical control, and then damage those systems or steal their data. The insider threat also includes outsourcing vendors, who hold the same kind of authorized access.

Some computer investigators have cited four categories of the insider problem: the traitor, the zealot, the browser, and the well-intentioned insider.

"Insider threats are influenced by a combination of technical, behavioral, and organizational issues and must be addressed by policies, procedures, and technologies. Accordingly, best practices to mitigate insider threats involve an organization's staff in management, human resources (HR), legal counsel, physical security, information technology (IT), and information assurance (IA), as well as data owners and software engineers."[7]

"Some of the risks posed from insider threats in the financial sector are . . .:

Technical defenses

Techniques to mitigate the insider threat focus on monitoring systems to identify unauthorized access, establish accountability, filter malicious code, and track data pedigree and integrity. While an array of partial measures exists for countering the insider threat, these measures are limited in scope and capability. Among the challenges that add to the difficulty of this problem are:

The trusted insider operates within this large, interconnected world of information systems largely unchecked and unmonitored, beyond the basic security mechanisms that exist primarily to detect untrusted outsiders and stop them from penetrating and exploiting information assets. Because the insider's actions pass those mechanisms as legitimate, authorized use, these factors make the insider threat a complex problem that is beyond the scope of commercially available tools.
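The monitoring described above has to flag activity that the access-control layer has already allowed, so it works on deviation from expected behaviour rather than on denied requests. The following is an added example, not code from the original page or from any of the sources it cites: a small detector run over a constructed audit log. The log format, the role-to-path allowlist, the business-hours window and the volume threshold are all assumptions chosen for the illustration. Every finding names the authorized user who produced it, which is the accountability point the paragraph makes.

```python
"""Added example: a minimal insider-activity detector run over constructed
audit-log lines. Not from the original page; the log format, the role
allowlist and the thresholds below are assumptions for the illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample audit log (not real data). Assumed line format:
# <ISO-8601 UTC timestamp> <user> <action> <resource> <bytes>
SAMPLE_LOG = """\
2024-03-04T09:12:05Z alice READ /finance/q1_forecast.xlsx 204800
2024-03-04T09:40:11Z alice READ /finance/ledger.csv 512000
2024-03-04T10:02:43Z bob READ /eng/build.log 4096
2024-03-04T23:47:19Z bob READ /finance/ledger.csv 512000
2024-03-05T01:03:02Z carol READ /hr/payroll.csv 8388608
2024-03-05T01:04:10Z carol READ /hr/benefits.csv 6291456
2024-03-05T01:05:30Z carol READ /hr/reviews.csv 7340032
2024-03-05T14:20:00Z carol READ /hr/handbook.pdf 102400
"""

# Assumed role model: the path prefixes each user is expected to touch.
ROLE_ALLOWLIST = {
    "alice": ("/finance/",),
    "bob": ("/eng/",),
    "carol": ("/hr/",),
}

BUSINESS_HOURS = range(8, 19)          # 08:00-18:59 UTC, assumed
VOLUME_WINDOW = timedelta(minutes=10)  # sliding window for the bulk-read check
VOLUME_LIMIT = 16 * 1024 * 1024        # 16 MiB per window, assumed

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Parse audit lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, action, resource, size = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "action": action,
            "resource": resource, "bytes": int(size),
        })
    return events


def detect(events, allowlist=ROLE_ALLOWLIST):
    """Return a list of (user, reason, resource) findings.

    Three checks, each attributed to the authorized user who triggered it:
      out_of_role - resource outside the user's expected path prefixes
      off_hours   - access outside the assumed business-hours window
      bulk_read   - bytes read within VOLUME_WINDOW exceed VOLUME_LIMIT
    None of these accesses was denied; the detector looks for legitimate
    access used in an unexpected way.
    """
    findings = []
    recent = defaultdict(list)  # user -> [(ts, bytes)] inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, res, ts = ev["user"], ev["resource"], ev["ts"]
        prefixes = allowlist.get(user, ())
        if not any(res.startswith(p) for p in prefixes):
            findings.append((user, "out_of_role", res))
        if ts.hour not in BUSINESS_HOURS:
            findings.append((user, "off_hours", res))
        window = [(t, b) for t, b in recent[user] if ts - t <= VOLUME_WINDOW]
        window.append((ts, ev["bytes"]))
        recent[user] = window
        if sum(b for _, b in window) > VOLUME_LIMIT:
            findings.append((user, "bulk_read", res))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample log the detector reports nothing for alice, flags bob's late-night read of a finance file as both out of role and off hours, and flags carol's three HR reads at 01:00 as off hours and, on the third, as a bulk read once the ten-minute window passes 16 MiB. Each of those reads would have been permitted by the access-control layer, which is exactly why a baseline of role and timing is needed; in practice the allowlist and thresholds would come from the organization's own access model rather than the constants used here.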

References

  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology.
  2. 12 FAM 090.
  3. IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework, App. B, Glossary.
  4. U.S. Department of Defense, Joint Pub. 1-02: DOD Dictionary of Military and Associated Terms (Nov. 8, 2010, as amended through May 15, 2011).
  5. Office of the National Counterintelligence Executive, Insider Threat.
  6. NSTISSAM INFOSEC 1-99, at 2-3.
  7. Anticipating and Solving the Nation's Cybersecurity Challenges, at 3.
  8. Cybersecurity Best Practices Guide, at 17.

External resource

  • Nick Bradley, The Threat Is Coming from Inside the Network: Insider Threats Outrank External Attacks, SecurityIntelligence (June 1, 2015).