The Insider threat is rarely considered as part of functional safety to inform design, process and procedure. Worryingly, it is often neglected as part of safety and risk management practices entirely. This must change in light of high-profile cases in recent years where Insiders have been seen to pose a severe threat. Industry must attempt to analyse and understand Insider threat risk and build this into integral processes, which will require close collaboration across diverse technical areas and specialisms. Government policy may even be developed in the coming years, similar to that of US Executive Order 13587, which necessitates a more comprehensive consideration of these risks. Now is the time for safety-critical industries to wake up to the Insider threat as one of the most real and present dangers to organisations in the modern age. This paper is a thought-piece about how Insider threat could be dealt with as part of normal engineering practice, and proposes a concept methodology for the formal assessment of Insider threat risk to systems and organisations. The paper deals only with deliberate and malicious acts (intended to do harm in some way), rather than the unintentional insider threat.