Which of the following scenarios describe a potential insider threat

/ Exams & Certification / By

Which of the following scenarios describe a potential insider threat?

(Select all that apply)

An analyst makes a protected disclosure about SECRET information she’s been asked to review and finds concerns about as part of her official duties.

A project manager at a cleared facility accidentally takes home a document marked Controlled Unclassified Information (CUI).

An employee takes a photo at their desk and posts it to social media. Documents marked CONFIDENTIAL are visible in the photo.

An engineer regularly leaves their security badge in their desk and relies on others to let him in the building.

The Correct Answer and Explanation is:

Correct Answers:

  • ✅ An employee takes a photo at their desk and posts it to social media. Documents marked CONFIDENTIAL are visible in the photo.
  • ✅ An engineer regularly leaves their security badge in their desk and relies on others to let him in the building.

Explanation (300+ words):

An insider threat refers to a risk posed by individuals within an organization—such as employees, contractors, or business partners—who have access to internal systems or sensitive information and may intentionally or unintentionally compromise security.

Let’s evaluate each option:

  1. “An analyst makes a protected disclosure about SECRET information she’s been asked to review and finds concerns about as part of her official duties.”
    This scenario does not represent an insider threat. The analyst is making a protected disclosure, which is typically permitted under whistleblower protection laws or internal reporting guidelines. If done properly and through authorized channels, this action is both legal and ethical, and it does not threaten organizational security.
  1. “A project manager at a cleared facility accidentally takes home a document marked Controlled Unclassified Information (CUI).”
    Although this is a security incident, it is most likely not an insider threat unless the action was intentional. Insider threats usually involve malicious or repeated negligent behavior. A single, accidental mistake—though serious—does not necessarily classify as an insider threat.
  1. “An employee takes a photo at their desk and posts it to social media. Documents marked CONFIDENTIAL are visible in the photo.”
    This scenario does represent a potential insider threat. Even if unintentional, publicly exposing classified or sensitive information via social media violates information security policies. This type of behavior can be exploited by adversaries and reflects poor operational security (OPSEC).
  1. “An engineer regularly leaves their security badge in their desk and relies on others to let him in the building.”
    This is also a potential insider threat, even if not malicious. Repeatedly bypassing security procedures and relying on “tailgating” can create vulnerabilities. Such negligence increases the risk of unauthorized access, which could be exploited by malicious insiders or external attackers.

In conclusion, options 3 and 4 represent behaviors that could contribute to insider threats through negligence or carelessness, which can be just as damaging as deliberate misconduct.

Related Posts

Scroll to Top