Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls
October 2015 • White Paper
Andrew P. Moore, William E. Novak, Matthew L. Collins, Randall F. Trzeciak, Michael C. Theis
In this paper, the authors describe the potential ways an insider threat program (InTP) could go wrong and engage the community to discuss its concerns.
Abstract
The goals of the initial work described in this paper are to elaborate the potential ways an insider threat program (InTP) could go wrong, to engage the community to discuss its concerns, and, ultimately, to define practical strategies for mitigating these consequences. We describe several categories of negative unintended consequences according to whether they involve (1) interference with legitimate whistleblower processes and protections, (2) InTP management/employee relationships, (3) InTP management’s lack or loss of interest in the program, or (4) misuse of the InTP by its staff or other employees (accidental or purposeful). We also present a fully elaborated InTP archetype specification that describes a particular negative unintended consequence in detail with an associated archetypal narrative, a causal loop specification, and a discussion of possible mitigations. By establishing a clear picture of the way things could go wrong when establishing and executing an InTP, we can help organizations understand the need for a balanced approach that has a better chance of reducing insider threats while minimizing the chances or severity of negative unintended consequences. Future work will involve validating (or refuting) the existence of the unintended consequences and mitigations in operation, enumerating other negative unintended consequences that have occurred, and elaborating methods to avoid or mitigate these consequences.