Insider threat

Definition

An incident originating from a person with legitimate access to an organisation's systems, whether through malicious intent (data theft, sabotage) or negligence (misconfiguration, misdirected email). Insider incidents require different evidentiary handling than external intrusions.

Related terms

Advanced Persistent Threat (APT)
A category of attacker, typically nation-state or state-sponsored, characterised by high technical capability, long dwell times, specific targets, and disciplined operational security....
Alert
A notification generated when an event or pattern of events matches a detection rule. Alerts require triage to determine whether they represent...
Data breach
An incident in which an unauthorised party gains access to, copies, or discloses protected data. Breaches trigger specific legal notification requirements under...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
Ransomware
Malware that encrypts or exfiltrates data and demands payment for restoration or suppression. Modern ransomware incidents often combine an availability impact (encrypted...
Security event
Any observable occurrence in a system or network. Events are the raw material from which alerts and incidents are identified; the vast...
Security incident
An event or chain of events that violates an organisation's security policy or credibly threatens the confidentiality, integrity, or availability of information...
Threat actor
An individual or group responsible for a security incident or malicious campaign. Threat actors are categorised by motivation (financial, espionage, hacktivism, destruction)...
Threat intelligence
Processed, analysed information about adversaries, their capabilities, and their current or anticipated activities. Includes strategic intelligence (actor motivations and trends) and tactical...
Threat vector
The pathway or method a threat actor uses to gain access or cause harm. Examples include phishing email, unpatched software vulnerabilities, compromised...

Explained in these topics

  • The Threat Landscape and Threat Actors: A security risk originating from within the organisation, including current or former employees, contractors, and business partners who have or had authorised...
  • What Is a Security Incident: An incident originating from a person with legitimate access to an organisation's systems, whether through malicious intent (data theft, sabotage) or negligenc...
