NRECA Bldg
Software Engineering Institute, NRECA Building, 4301 Wilson Boulevard, Arlington, VA 22203
http://www.sei.cmu.edu/community/insider-threat/?location=secondary-nav&source=836842
Every employee in an organization is a trusted insider to some degree, but not all employees pose equal threats to all assets. It is essential for organizations to identify their critical assets (people, information, technology, and facilities) and determine who has access—and who should have access—to those assets.
An insider threat protection strategy should begin by focusing on those individuals with authorized access to the most critical assets and by identifying technical and non-technical behaviors that deviate from normal when using information technology resources.