Insiders and Insider Threats: An Overview of Definitions and Mitigation Techniques

Jeffrey Hunker, Christian W. Probst

    Research output: Contribution to journalJournal articleResearchpeer-review


    Threats from the inside of an organization’s perimeters are a significant problem, since it is difficult to distinguish them from benign activity. In this overview article we discuss defining properties of insiders and insider threats. After presenting definitions of these terms, we go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. We draw two main conclusions. Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation. Another important observation is that the distinction between insiders and outsiders seems to loose significance as IT infrastructure is used in performing insider attacks.
    Original languageEnglish
    JournalJournal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications
    Issue number1
    Pages (from-to)4-27
    Publication statusPublished - 2011

    Cite this