Insiders and Insider Threats – An Overview of Definitions and Mitigation Techniques

Jeffrey Hunker¹ and Christian W. Probst²

¹ Jeffrey Hunker Associates LLC, hunker@jeffreyhunker.com

² Technical University of Denmark, Richard Petersens Plads, Building 322, Room 117, DK-2800 Kongens Lyngby, Denmark, probst@imm.dtu.dk

Abstract

Threats from the inside of an organization's perimeters are a significant problem, since it is difficult to distinguish them from benign activity. In this overview article we discuss defining properties of insiders and insider threats. After presenting definitions of these terms, we go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. We draw two main conclusions. Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation. Another important observation is that the distinction between insiders and outsiders seems to lose significance as IT infrastructure is used in performing insider attacks.

Keywords: insiders, insider threats, managing the risk of insider threats

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 2, No. 1, pp. 4-27, June 2011