detection-method-vocab
======================

**Audit** (1)

    The insider's activity was spotted during an internal or third-party auditing process

**Technical Means** (2)

    The insider's activity was detected via analysis or anomalies in technical systems and software

**Non-Technical Means** (3)

    The insider's activity was detected in a non-technical fashion (e.g., the insider had personal items purchased with a company credit card sent to the office by accident)

**Security Software** (4)

    The insider's activity was detected by security software (e.g., the insider tried to download a document with trade secrets and an automatic alert detected the download)

**System Failure** (5)

    The insider's activity resulted in a system going down within the organization, which led to the detection of the insider's activities