Biblio

Insider threats refer to threats posed by individuals who intentionally or unintentionally destroy, exfiltrate, or leak sensitive information, or expose their organization to outside attacks. Surveys of organizations in government and industry consistently show that threats posed by insiders rival those posed by hackers, and that insider attacks are even more costly. Emerging U.S. government guidelines and policies for establishing insider threat programs tend to specify only minimum standards for insider threat monitoring, analysis, and mitigation programs. Arguably, one of the most serious challenges is to identify and integrate behavioral (sociotechnical) indicators of insider threat r isk in addition to cyber/technical indicators. That is, in focusing on data that are most readily obtained, insider threat programs most often miss the human side of the problem. This talk briefly describes research aiming to catalog human as well as technical factors associated with insider threat risk and summarizes several recent studies that seek to inform the development of more comprehensive, proactive approaches to insider threat assessment.