Insider Threat Defined: Discovering the Prototypical Case.

In a continued effort to better define the field of insider threat research, this study presents a survey of 30 cybersecurity experts’ opinions on the attributes of a prototypical insider and insider threat case. The survey is based on the attributes in the Entity-Relationship Model developed in a previous study of 42 different definitions of insider and insider threat. To develop clearer consensus and uniformity in the field, we discuss the attributes, which, in this small exploratory study, experts saw as typical or atypical components of an insider threat case.