A conceptual opportunity-based framework to mitigate the insider threat

Abstract

The aim of this paper is to provide a conceptual framework to mitigate the insider threat from an opportunity-based perspective. Although motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive, hence it is more pragmatic to reflect on opportunity-reducing measures. Opportunity theories from the field of criminology are considered to this end. The derived framework highlights several areas of research and may assist organisations in designing controls that are situationally appropriate to mitigate insider threat. Current information security countermeasures are not designed from an opportunity-reducing perspective.