Innovative Information Science & Technology Research Group (ISYOU)
Threats from the inside of an organization's perimeters are a significant problem, since it is difficult to distinguish them from benign activity. In this paper, the authors discuss defining properties of insiders and insider threats. After presenting definitions of these terms, they go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. They draw two main conclusions. Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation.