Scope: The Insider Threat metrics work will take the form of three primary research areas: 1. Analysis and grouping of technical and non-technical/behavioral precursors, and organizational issues in the Insider Threat database. 2. Ranking various combinations of selected attributes to form a preliminary matrix of ordinal insider threat matrix risk scores. 3. Test the validity of metric scores and subscores; explore how the metric could be used to create an automated monitoring system, accepting real-time feedback from widely-used enterprise tools, as part of future work.
Outcomes: Determine the future direction of a fully-developed insider threat scoring metric.