detection-method-vocab

Audit (1)

The insider’s activity was spotted during an internal or third-party auditing process

Technical Means (2)

The insider’s activity was detected via analysis or anomalies in technical systems and software

Non-Technical Means (3)

The insider’s activity was detected in a non-technical fashion (e.g., the insider had personal items purchased with a company credit card sent to the office by accident)

Security Software (4)

The insider’s activity was detected by security software (e.g., the insider tried to download a document with trade secrets and an automatic alert detected the download)

System Failure (5)

The insider’s activity resulted in a system going down within the organization, which led to the detection of the insider’s activities