Software Engineering Institute

The research documented in this report seeks to advance the understanding of the unintentional insider threat (UIT) that derives from social engineering. The goals of this research are to collect data on additional UIT social engineering incidents to build a set of cases for the Management and Education of the Risk of Insider Threat (MERIT) database and to analyze such cases to identify possible behavioral and technical patterns and precursors. The authors hope that this research will inform future research and development of UIT mitigation strategies.