Insider threat

The forgotten, yet formidable foe

Authored by: Maria Papadaki , Stavros Shiaeles

Human-Computer Interaction and Cybersecurity Handbook

Print publication date:  October  2018
Online publication date:  October  2018

Print ISBN: 9781138739161
eBook ISBN: 9781315184319
Adobe ISBN:


 Download Chapter



As a way of introduction, it would be useful to consider what the security community considers the insider threat to be and how it manifests itself. Mukherjee et al. (1994) define the insider threat as that who has legitimate access to the system but is abusing their privileges. Schultz (2002) subsequently considers insider attacks as deliberate misuse by those who are authorized to use computers and networks and identifies insiders as employees, contractors, consultants, temporary helpers, or personnel from third-party business partners. He pointed out how little was understood on insider threats at the time and discussed the many misconceptions that surrounded the issue. Bishop and Gates (2008) go a step further by considering insider threats in the context of trust and security policies, where levels of trust are expressed in a set of access control rules, which are in turn represented in a security policy. Specifically, they provide the following definition for an insider:

A trusted entity that is given the power to violate one or more rules in a given security policy ... the insider threat occurs when a trusted entity abuses that power.... An insider can thus be defined with regard to two primitive actions:

violation of a security policy using legitimate access, and;

violation of an access control policy by obtaining unauthorized access.

Search for more...
Back to top

Use of cookies on this website

We are using cookies to provide statistics that help us give you the best experience of our site. You can find out more in our Privacy Policy. By continuing to use the site you are agreeing to our use of cookies.