Insider Threat Detection: A Solution in Search of a Problem
Abstract
Insider threats (IT) reflect a growing concern in security communities. Despite a rapid increase in the number of papers examining IT, definitions, research methods, models, and critical evaluations are rare. The present paper provides a critical review of these issues. Definitions of insider threat have varied from the general, focusing on all forms of organizational deviant behavior, to the specific, focusing on individual difference and social context variables. Research methods are based on deductive principles and intuitions of subject matter experts, computational models based on social media activity, and empirical observations based on synthetic or inaccessible data sets, i.e., black data. Following a review of these considerations, we demonstrate that many existing approaches within the behavioral and social sciences can provide more solid foundations to the IT literature. Using insight from research on organizational deviant behavior and workplace incivility, we conclude by proposing a multidimensional classification system for insider threat, SIEVE: severity (S), intentionality (I), type of employee norm violation (EV), and ethicality (E).