An insider threat originates from people who already have legitimate access — employees, contractors, partners, or former staff whose credentials were not properly revoked. Insider threats are particularly difficult to detect because the access itself is authorized.
Insider threats fall into two categories: malicious insiders who intentionally steal or sabotage, and negligent insiders who cause harm through careless actions like misconfiguring systems or mishandling sensitive data.
CISSP Relevance
Insider threats appear across Domain 1 (Security and Risk Management), Domain 5 (Identity and Access Management), and Domain 7 (Security Operations). CISSP candidates must understand user behavior analytics, access controls, separation of duties, and monitoring practices that detect insider activity.
External reference: CISA Insider Threat Mitigation Resources
Related terms: Separation of Duties, Security Audit