detection-team-vocab

Law Enforcement (LE)

Law enforcement discovered the insider’s illegal activity (e.g., police noticed that the insider was gaining access to the company after hours)

Organization (OR)

The victim organization discovered the insider’s activity (e.g., IT noticed that the insider had downloaded dozens of company trade secrets to their workstation)

Customer (CU)

A customer of the victim organization discovered the insider’s activity

Competitor (CO)

An organization competing with the victim organization discovered the insider’s activity (e.g., the insider approached a competing organization with company trade secrets, and the competitor alerted the victim organization)

Auditor (AU)

Internal or external auditor assigned to assess the organization’s security, risk, or threat posture

Self-Reported (SR)

The insider reported their activity to their organization

Incident Response Team (IR)

The incident response team (IRT) discovered the insider’s activity

Security Team (ST)

Technical or personnel security team discovered the insider’s activity

Management (MG)

A member of the organization’s management or the insider’s management chain discovered the insider’s activities

Internal Investigators (II)

Investigators internal to the victim organization

Researcher (RR)

Researcher external to the organization