Common Sense Guide to Mitigating Insider Threats

What is an Insider Threat?

The CERT Divisionā€™s definition of a malicious insider is a current or former employee, contractor, or business partner who meets the following criteria:

  • has or had authorized access to an organizationā€™s network, system, or data
  • has intentionally exceeded or intentionally used that access in a manner that negatively affected the confidentiality, integrity, availability, or physical well-being of the organizationā€™s information or information systems or workforce.

For the purpose of this guide, an unintentional insider threat is defined as a current or former employee, contractor, or other business partner who meets the following criteria:

  • who has or had authorized access to an organizationā€™s network, system, or data and who, through
  • their action/inaction without malicious intent
  • cause harm or substantially increase the probability of future serious harm to the confidentiality, integrity, or availability of the organizationā€™s information or information systems

See the full guide here

iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us