Volume 5 - Issue 2
Insider Threat Defined: Discovering the Prototypical Case
- David A. Mundie
Software Engineering Institute, CERT Division Pittsburgh, Pennsylvania, USA
dmundie@cert.org
- Samuel J. Perl
Software Engineering Institute, CERT Division Pittsburgh, Pennsylvania, USA
sjperl@cert.org
- Carly L. Huth, J. D.
Software Engineering Institute, CERT Division Pittsburgh, Pennsylvania, USA
clhuth@cert.org
Keywords: insider threat, taxonomy, ontology, attributes
Abstract
In a continued effort to better define the field of insider threat research, this study presents a survey of
30 cybersecurity experts’ opinions on the attributes of a prototypical insider and insider threat case.
The survey is based on the attributes in the Entity-Relationship Model developed in a previous study
of 42 different definitions of insider and insider threat. To develop clearer consensus and uniformity
in the field, we discuss the attributes, which, in this small exploratory study, experts saw as typical or
atypical components of an insider threat case.