Malicious insiders are difficult to detect and prevent, because insiders such as employees have legitimate rights to access the organization's resources in order to carry out their responsibilities. To overcome this problem, the authors have developed a framework that detects suspicious insiders using a psychological trigger that impels malicious insiders to behave suspiciously. They have also proposed an architecture comprising an announcer, a monitor, and an analyzer. First, the announcer creates an event (called a "Trigger") that impels malicious insiders to behave suspiciously. Then the monitors record suspicious actions such as file/e-mail deletions.
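The following is an added example, not the authors' analyzer: a sketch of how an analyzer could compare each user's file/e-mail deletions in a window before and after the announcer's trigger. The log format, the action names, the 24-hour window, and the thresholds are all assumptions, and the log lines are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Actions the page names as suspicious; the identifiers themselves are assumed.
DELETE_ACTIONS = {"file_delete", "email_delete"}

def parse(line):
    """Parse a constructed 'ISO-timestamp user action' monitor record."""
    ts, user, action = line.split()
    return datetime.fromisoformat(ts), user, action

def analyze(lines, trigger_time, window=timedelta(hours=24), min_after=3, ratio=3.0):
    """Return {user: (before, after)} for users whose deletions spike after the trigger."""
    before, after = Counter(), Counter()
    for ts, user, action in map(parse, lines):
        if action not in DELETE_ACTIONS:
            continue
        if trigger_time - window <= ts < trigger_time:
            before[user] += 1
        elif trigger_time <= ts < trigger_time + window:
            after[user] += 1
    flagged = {}
    for user, n_after in after.items():
        # +1 smoothing so a user with no baseline deletions can still be compared
        if n_after >= min_after and n_after / (before[user] + 1) >= ratio:
            flagged[user] = (before[user], n_after)
    return flagged

TRIGGER = datetime(2024, 3, 5, 9, 0)  # constructed time of the announcer's event
SAMPLE_LOG = [  # constructed monitor records
    "2024-03-04T10:15:00 alice file_delete",
    "2024-03-04T11:00:00 carol file_delete",
    "2024-03-04T16:30:00 carol email_delete",
    "2024-03-05T09:20:00 bob file_delete",
    "2024-03-05T09:22:00 bob file_delete",
    "2024-03-05T09:40:00 bob email_delete",
    "2024-03-05T10:05:00 bob file_delete",
    "2024-03-05T10:30:00 alice file_read",
    "2024-03-05T11:00:00 alice email_delete",
    "2024-03-05T12:00:00 carol file_delete",
    "2024-03-05T13:00:00 carol file_delete",
    "2024-03-05T14:00:00 carol email_delete",
]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, TRIGGER))
```

Here carol deletes three items after the trigger but is not flagged, because her pre-trigger baseline is comparable; only the change relative to each user's own behavior counts.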