What is insider risk?

This chapter lays the groundwork for the rest of the book by defining key terms and concepts, including risk, insider, insider risk, and personnel security. An insider is a person who betrays trust by behaving in potentially harmful ways. Insider risk is the security risk arising from the actions of insiders. The nature of security risk is explained in terms of its three core components: threat, vulnerability, and impact. Security risks are dynamic and adaptive, which means they change over time and adapt in response to the defensive actions of the potential victims. A large part of any organisation’s insider risk will sit in its supply chain.