ABSTRACT

It is a known fact that insider threats exist for all organizations. Essentially, this threat lies in the potential that a trusted staff member may betray their obligations and allegiances to the enterprise and conduct sabotage or espionage against them. Many enterprises use the 80-20 rule when looking at threats. In the past, most of the enterprise threats were external. In today’s environment, the 80-20 threat has changed to be more of an insider threat. An “insider” is anyone who is or who has been authorized to access an enterprise asset. Insider threat activities can fall into several general categories:

1. Exceeds given asset (network, system, or data) permissions.
2. Conducts malicious activity against or across enterprise assets (network, system, or data).
3. Provides unapproved access to enterprise assets (network, system, or data).
4. Circumvents security controls or exploits security weaknesses to exceed authorized permitted activity or disguises identity.
5. Nonmaliciously or unintentionally damages assets and resources (network, system, or data) by destruction, corruption, denial of access, or disclosure.