EXPLANATION OF INSA-DEVELOPED INSIDER THREAT DEFINITION
November 05, 2015
In November 2015, the INSA Insider Threat Subcommittee, under the auspices of the Security Policy Reform Council (SPRC), undertook an initiative to refine the definition of Insider Threat. The Subcommittee of representatives from the U.S. Government and Industry noted three issues:
- Many government and industry definitions already exist.
- A majority of them are not inclusive, failing to account for one or more aspects of threats posed by an insider.
- Several industries are struggling with the threats posed by insiders, and many articulated that existing definitions created barriers to efficient implementation of insider threat programs. Through group discussion, several proposals were made, subjected to critical peer review. The Subcommittee settled on the below language, briefed to and embraced by SPRC on December 4, 2015. The Directors of the Defense Security Service and the National Counterintelligence and Security Center were also briefed, both of whom endorsed the inclusive nature of the definition and the language specific to instances of workplace violence.