An insider threat as an information security problem presents some of the most challenging issues that security managers face today.

The CERT Division of Carnegie Mellon University’s Software Engineering Institute defines a malicious attacker as: “A current or former employee, contractor, or other business partner who has or had authorized access to the organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.”