detection-team-vocab
====================

**Law Enforcement** (LE)

    Law enforcement discovered the insider's illegal activity (e.g., police noticed that the insider was gaining access to the company after hours)

**Organization** (OR)

    The victim organization discovered the insider's activity (e.g., IT noticed that the insider had downloaded dozens of company trade secrets to their workstation)

**Customer** (CU)

    A customer of the victim organization discovered the insider's activity

**Competitor** (CO)

    An organization competing with the victim organization discovered the insider's activity (e.g., the insider approached a competing organization with company trade secrets, and the competitor alerted the victim organization)

**Auditor** (AU)

    Internal or external auditor assigned to assess the organization's security, risk, or threat posture

**Self-Reported** (SR)

    The insider reported their activity to their organization

**Incident Response Team** (IR)

    The incident response team (IRT) discovered the insider's activity

**Security Team** (ST)

    Technical or personnel security team discovered the insider's activity

**Management** (MG)

    A member of the organization's management or the insider's management chain discovered the insider's activities

**Internal Investigators** (II)

    Investigators internal to the victim organization

**Researcher** (RR)

    Researcher external to the organization