How Do I Identify Insider Threats?
Insider threat is generally considered the potential for an individual to use authorized access to an organization’s assets to knowingly or unknowingly do harm. The damage from insider threats can manifest as espionage, theft, sabotage, workplace violence, or other harm to people and organizations. Possible insiders include employees, contractors, vendors and suppliers.
An insider threat is one that is posed by an employee or long-term visitor that has been given trusted access to business sensitive, classified data or other information of value to an adversary. For the safety and integrity of this University, all UT employees should be aware of how to spot insider threat indicators and warnings, and should be aware of where to report a suspected issue.
Executive Order 13587 (Oct., 2011), established a national insider threat policy for all government departments and agencies. As a cleared defense contractor, policy requirements flow down to cleared personnel at UT. These include the establishment of an insider threat program and insider threat training to keep cleared researchers and administrative personnel informed of the signs of suspicious activities and how to report them.
Access is at the heart of understanding and characterizing insider threats. Without access, there is no “insider.” Organizations grant individuals different kinds of access, like physical entry to buildings or virtual access to computer networks.
What are the Potential Risk Indicators of an Insider Threat?
Individuals at risk of becoming insider threats and those who ultimately cause significant harm often exhibit warning signs, or indicators. PRI include a wide range of individual predispositions, stressors, choices, actions and behaviors. The following indicators suggest increased vulnerability to insider threat, and may even be signs of an imminent and serious threat:
- Security and Compliance Incidents
- Technical Activity / Information Security Violations
- Violent or or Seditious Attitudes Toward the United States Government
- Improper Foreign Influence
- Outside Activities, Especially Non-Disclosed Activities
- Financial Considerations
- Substance Misuse and Alcohol Abuse
- Personal Conduct
- Criminal Conduct
Who Do I Contact?
UT Policies HR0580 Code of Conduct and HR0585 Mandatory Reporting state that employees are expected to report any good faith concern about compliance violations. Compliance concerns may be reported anonymously to the Office of Audit and Compliance using the following link: www.tennessee.edu/hotline.
Report potential insider threats to the University of Tennessee Insider Threat Program Senior Official (ITPSO), Facility Security Officer (FSO), or a UT Research Security Officer:
Research Security Official – Sarah Pruett, email@example.com, (865) 974-4438
FSO – Mary Jourdan, firstname.lastname@example.org, (865) 974-5669