About Us
“People are the missing link, not the weakest link”
Humans are our greatest strength. Often overlooked or mistaken as the weakest link, human behavior tells us all we need to know if we know where and how to look for it. Insider threats are not a new phenomenon.
Existing methods are reactive and identify malicious insiders after it is too late, and the damage is done. Insider Threat/Risk Programs must be more proactive.
Successfully managing insider risk is both an art and a science. There has been very limited scientific research, with no consistent and dedicated effort to proactively detect insider risks before threats. Progress has been based solely on the art of experience, rather than driven by the science of research. MITRE’s solutions are based on over 15 years of scientific research and standing up Insider Threat/Risk Programs. We put science in the equation.
MITRE knows that insider threat requires a human solution and not just technology. We uniquely harness both behavioral sciences and technical sciences to more effectively deter, detect, and mitigate insider threats. Our multi-disciplinary team consists of researchers and practitioners who have worked in Insider Threat/Risk Programs in government and critical infrastructure organizations, and have significant expertise applying the behavioral sciences, cybersecurity, data sciences, and intellectual property protection to insider risk.
Building, growing, and maturing Insider Threat/Risk Programs for government, critical infrastructure organizations, industry, and academia, the MITRE Insider Threat Research & Solutions team is recognized as national and international experts. Our innovative work and guidance are in demand.
Successfully managing insider risk is both an art and a science. There has been very limited scientific research, with no consistent and dedicated effort to proactively detect insider risks before threats. Progress has been based solely on the art of experience, rather than driven by the science of research. MITRE’s solutions are based on over 15 years of scientific research and standing up Insider Threat/Risk Programs. We put science in the equation.
MITRE knows that insider threat requires a human solution and not just technology. We uniquely harness both behavioral sciences and technical sciences to more effectively deter, detect, and mitigate insider threats. Our multi-disciplinary team consists of researchers and practitioners who have worked in Insider Threat/Risk Programs in government and critical infrastructure organizations, and have significant expertise applying the behavioral sciences, cybersecurity, data sciences, and intellectual property protection to insider risk.
Building, growing, and maturing Insider Threat/Risk Programs for government, critical infrastructure organizations, industry, and academia, the MITRE Insider Threat Research & Solutions team is recognized as national and international experts. Our innovative work and guidance are in demand.
Examples of solutions under ‘Our Work’:
- Behavioral Risk Framework
(whole-person approach) - Critical Assets Risk Assessments
for InT - Employee Reporting
- Malicious Search and Exfiltration
- Indicator Development
- Remote Work Indicators
- Psycho-social Characteristics
- Position Risk Designation
- Program Development
- Screening and Vetting
- Supervisor & HR Reporting
- New Data Sources
- Tool Evaluation
Currently conducting applied scientific research into the following insider threat topics:
- Bi-Directional Loyalty (BDL): MITRE has defined Bi-Directional Loyalty as a more suitable and practical measure of risk than Organizational Commitment. MITRE is developing and testing methods to measure BDL, and creating a research plan to validate the relationship between BDL and insider threat.
- Financial Strain: Identifying, testing, evaluating, and operationalizing indicators of high psychological financial strain, rather than indicators of material debt which fail to consider coping, emotion, and how an individual perceives their financial situation and financial obligations.
- Remote Work: Assessing insider risk in remote work environments, including behavioral and cyber gaps in detection and deterrence.
- Workplace Violence: Developing a methodology for researching expectations and tolerance of escalating employee aggressive behaviors in the workplace, to develop recommendations for improving risk identification and reporting.
- Protective Factors: Identifying, evaluating, and operationalizing positive factors that can be used to lower an employee risk score (e.g., signs of coping or resilience).