Resources

Based on two decades of research, this presentation discusses technical challenges and recent insights in developing and testing behavioral science-based models for proactive insider threat mitigation. Dr. Greitzer describes the SOFIT insider threat indicator ontology, which provides a foundation for hierarchical, pattern-based models; review what expert knowledge elicitation studies have revealed about dynamic properties of potential risk indicators; and discusses recent approaches for developing and testing models that reflect how human experts think about and analyze this complex threat assessment problem.

Insider risk management remains a top priority for both government and commercial sectors, especially as incidents increase and attract more attention. Insider threats refer to harmful actions by trusted individuals who have access to an organization’s resources— ranging from sensitive data theft and data exfiltration to sabotage, espionage, fraud, and workplace violence. To address this growing concern, many organizations are enhancing their insider risk management programs by investing in new resources and technologies.