Archive: 2016-07

This is the first part of a two-part series that explores open source, free, or low-cost solutions to help you get the technical portion of your insider threat program started. As defined by, open source software is "software with source code that anyone can inspect, modify, and enhance." Free tools are available at no cost, but the source code is "closed," meaning that it cannot be examined or modified.

Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data set. However, despite these malicious insiders using technical means to cause harm, there is still a human component that should be considered. Who, collectively, are these malicious insiders that caused harm? What do we know about them? This blog post is the first of a four-part series about understanding insider threats.