SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business.

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk.

This is the first part of a two-part series that explores open source, free, or low-cost solutions to help you get the technical portion of your insider threat program started. As defined by, open source software is "software with source code that anyone can inspect, modify, and enhance." Free tools are available at no cost, but the source code is "closed," meaning that it cannot be examined or modified.

Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data set. However, despite these malicious insiders using technical means to cause harm, there is still a human component that should be considered. Who, collectively, are these malicious insiders that caused harm? What do we know about them? This blog post is the first of a four-part series about understanding insider threats.

On May 18, 2016, the DOD published Change 2 to DoD 5220.22-M, "National Industrial Security Operating Manual (NISPOM)," which requires contractors to establish and maintain an insider threat program to detect, deter, and mitigate insider threats. The intent of this blog post is to describe the summary of changes required by Change 2 and the impact it will have on contracting organizations.