Insider Threat Defined: Discovering the Prototypical Case

David A. Mundie, Samuel Perl ⁺, and Carly Huth J.D.

Software Engineering Institute, CERT Division
Pittsburgh, Pennsylvania, USA
{dmundie, sjperl, clhuth}@cert.org

Abstract

In a continued effort to better define the field of insider threat research, this study presents a survey of 30 cybersecurity experts’ opinions on the attributes of a prototypical insider and insider threat case. The survey is based on the attributes in the Entity-Relationship Model developed in a previous study of 42 different definitions of insider and insider threat. To develop clearer consensus and uniformity in the field, we discuss the attributes, which, in this small exploratory study, experts saw as typical or atypical components of an insider threat case.

Keywords: insider threat, taxonomy, ontology, attributes

+: Corresponding author: Samuel J. Perl

4500 Forbes Avenue Pittsburgh, PA, 15213, Tel: +1-412-268-4112

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 5, No. 2, pp. 7-23, June 2014 [pdf]