ON ASSESSING THE INSIDER THREAT POTENTIAL

Most security practitioners are reluctant to try to assess the Insider Threat because of the lack of a valid database for this threat. Yet, nuclear facilities are obligated to determine the effectiveness of their safeguards systems against the Insider Threat and are sometimes required by various government agencies to estimate site risk measures for this threat. This paper presents a methodology for quantifying a topic that resists quantification. Three distinct steps are involved in the methodology for assessing the Insider Threat potential:1. Characterize the types of insiders who might potentially harm the organization, with emphasis on scientific and engineering facilities; 2. Identify and assess elements in the organization's Personnel Reliability Program that can reduce the chances of the Insider Threat potential being realized; and 3. Apply an event tree methodology that uses the above surrogate data to evaluate the site-specific Insider Threat potential. In addition to presenting a methodology for quantifying the Insider Threat potential, the paper also gives some basic conclusions on preventing insider malevolence that are drawn from analyses of insider cases and expert opinion.