Position paper

Abstract

The insider threat is considered by many security experts to be the biggest threat to corporate and national security today. Although the number of security incidents involving insiders is far smaller than that of incidents involving attempted intrusions from outsiders, the success rate of insiders is much higher, and the damage that they can cause is incalculably higher. For purposes of this discussion, the insider threat is defined as any situation in which an individual takes advantage of information or access accorded to his/her position within an organization to betray the organization's trust. This is certainly not anew problem: it is one that has plagued organizations large and small for centuries. One of the earliest documented military strategists, Sun Tzu, wrote eloquently on the risk of trusted insiders betraying the mission, either by giving away information (espionage) or by destructive acts (sabotage). For the most part, the risk of espionage is far higher, because it is both easier, and less risky, than sabotage. As both are risks, though, from trusted insiders, we will address each in turn. © 2006 ACM.