search menu icon-carat-right cmu-wordmark

Insider Threat Attributes and Mitigation Strategies

July 2013 Technical Note
George Silowash

In this report, George Silowash maps common attributes of insider threat cases to characteristics important for detecting, preventing, or mitigating the threat.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


Malicious insiders pose a threat to the confidentiality, integrity, and availability of an organization's information. Many organizations look for hardware and software solutions that address insider threats but are unsure of what characteristics to look for in a product. This technical note presents seven common attributes of insider threat cases, excluding espionage, drawn from the CERT® Division's database. The note maps the seven attributes to characteristics insider threat products should possess in order to detect, prevent, or mitigate the threat. None of these attributes alone can identify a malicious insider. Rather, each attribute is one of many data points that an organization should consider when implementing an insider threat program.