Abstract :
One of the most critical problems facing the information security community is the threat of a malicious insider abusing his computer privileges to modify, remove, or prevent access to an organization\´s data. An insider is considered trusted (at least implicitly) by his organization because he is granted access to its computing environment. Whether or not that insider is in fact trustworthy is a question that lies at the heart of the insider threat problem. Complicating this problem is the fact that there is no "one size fits all" description of a malicious insider. Motivations, objectives, cyber expertise, system privileges all can and do vary from one case to the next.
