Mandiant has adopted the Cyber and Infrastructure Security Agency (CISA) definition of insider, which states, “An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.”
An insider threat is then the “potential for that insider to use their authorized access or special understanding of an organization to harm that organization.
This harm includes malicious, complacent, or unintentional acts that negatively affect the confidentiality, integrity and availability of the organization, its data, personnel, facilities, and associated resource.”
Read more…
Source: Mandiant