Insiders Dissected - New Foundations and a Systematisation of the Research on Insiders

The insider threat is often cited as one of the most challenging threats for security practitioners. Even though this topic is receiving considerable attention, two main problems remain unsolved. First, research on insider threats is focusing on many different insiders without being able to actually identify and consistently entitle the key aspects of the insiders. As a result, this research can neither be identified by practitioners as being relevant for their real-world insider problems, nor can it be compared with other research targeting the same insider aspects. Second, a clear understanding of insiders is vital for analysing, which insider properties are responsible for the peculiarity of insider threats. In this paper, a systematic approach to dissect the defining aspects of insiders is proposed, which includes specific allocatable insider characteristics. Additionally, the insider characteristics are extended towards insider types, which establish universal and unambiguous names for different insiders, and which are related with each other to form a new and simple insider taxonomy. The new foundations on insiders allow the comparison of different insider research in a structured manner. Furthermore, the new approach facilitates the identification of specific features of insider threats in future work.