Developing an insider threat model using functional decomposition

Addressing the insider threat using a systematic and formulated methodology is an inherently difficult process. This is because the problem is typically viewed in an abstract manner and a sufficient method for defining a way to categorically represent the threat has not been developed. The solution requires a security model that clearly identifies a process for classifying malicious insider activities. To be effective the model must compartmentalize the threat and attack it consistently. The purpose of this paper is to present a methodology for accurately defining the malicious insider and describe a process for addressing the threat in a systematic manner. Our model presents a definable taxonomy of the malicious insider and demonstrates a method for decomposing the abstract threat into a solvable and analyzable process.