Comprehensive definitions and explanations of insider risk, cybersecurity, and related terms. Build your knowledge with expert-reviewed content.
The total financial impact of insider incidents on organizations, including direct costs, operational disruption, and regulatory penalties.
Security technology that identifies, monitors, and protects sensitive data in use, in motion, and at rest.
A quantitative measurement (0-100 scale) of an organization's overall insider threat posture based on five critical security pillars.
A comprehensive approach to identifying, assessing, and mitigating risks posed by people with authorized access to organizational assets.
A security risk that originates from people within the organization who have authorized access to systems and may intentionally or unintentionally harm the organization.
A comprehensive organizational initiative to detect, prevent, and respond to insider threats.
Gartner's strategic framework for insider risk management organizing threats into 3 types, 3 activities, and 3 mitigation goals.
User and Entity Behavior Analytics - technology that uses machine learning to establish baseline behaviors and detect anomalous activities.
The identification of patterns in data that do not conform to expected behavior.
The use of machine learning and statistical analysis to understand normal user behavior patterns and identify deviations that may indicate insider threats.
A legitimate user whose credentials or devices have been compromised by external attackers.
The ongoing observation and analysis of security controls and risk factors.
The process of collecting, analyzing, and preserving digital evidence for investigation purposes.
Security solutions that monitor and respond to threats on endpoint devices.
The policy-based centralized orchestration of user identity management and access control.
An individual with authorized access who intentionally uses that access to harm the organization.
An individual who inadvertently causes harm through careless actions, policy violations, or security mistakes.
Security solutions that control and monitor access to critical systems and data by privileged users.
The process of assigning numerical values to represent the level of risk associated with users, activities, or events.
Educational programs designed to help employees recognize and respond appropriately to security threats.
Gartner distinguishes between monitoring (asset-centric data collection) and surveillance (people-centric monitoring of specific individuals).
Information about current and potential attacks that threaten the safety of an organization.
A security model that requires verification for every person and device trying to access resources, regardless of their location.