Breach From Within: Introduction to Insider Risk and Threats

University of Maryland, College Park via Coursera

Go to class Write review

Overview

Coursera Flash Sale

40% Off Coursera Plus for 3 Months!

Grab it

Breach from Within: Introduction to Insider Risk and Threats examines one of today’s most complex security challenges: the threat that originates from trusted insiders. While many security programs focus on external attacks, this course shifts attention to the human, behavioral, and organizational factors that drive insider incidents. Drawing on real-world cases and interdisciplinary research, learners explore how insider risk develops over time, why warning signs are often missed, and how insider threats can escalate beyond data breaches into workplace violence, critical infrastructure disruption, and national security threats. The course emphasizes proactive, ethical, and risk-based approaches to prevention, integrating insights from psychology, organizational behavior, and modern security frameworks. Led by Dr. Steve Sin, Director of the Unconventional and Asymmetric Threats Division at the University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism (START), this course provides a human-centered perspective often missing from traditional security education. No technical background is required—just curiosity and a desire to better understand one of the most pressing security risks organizations face today.

Syllabus

Module 1: Course Introduction

Welcome to the introductory module for the course, "Breach from Within: Introduction to Insider Risk and Threats." You will notice that this course is designed a bit differently than many other Coursera courses. In this module, you will first learn how to navigate this new interface. Then you will apply those navigation skills, in order to review the course goals and objectives.

Module 2: Introduction to Insider Risk

This module lays the groundwork for understanding insider risk. It begins by defining “insider risk” and distinguishing it from the narrower term “insider threat.” It will also touch on the overlap with targeted violence and how insider threats can escalate into workplace violence. This module also explores the high frequency of insider incidents and stresses the necessity of a proactive approach to managing them. To put this issue into perspective, the module will present a real-world case that illustrates the substantial harm insiders can inflict. By the conclusion, you will understand the dangers posed by insiders and the importance of vigilance and strategic risk management.

Module 3: Psychological and Behavioral Foundations

This module looks into the human psyche and behaviors behind insider threats. We’ll discuss psychological factors (like stress, personality, and personal grievances) that can contribute to malicious insider threats, and the typical behavioral warning signs that might precede an incident. We will introduce a model called the “Critical Pathway to Insider Risk” that describes how someone can progress from being an ordinary insider to posing a serious threat. By understanding the human element—the motivations and warning signs—we can better anticipate and prevent insider incidents.

Module 4: Broader Implications of Insider Threats

Having explored what insider risk is—and the psychological and behavioral factors that contribute to it—we can now step back and consider the bigger picture. Insider threats don’t just impact individual organizations; they can have far-reaching national and even global consequences. In this module, we’ll explore how insider access enables cyberattacks, terrorism, and violence from within. We will talk about how some insider threats can escalate to targeted violence, like workplace violence, and why modern insider risk programs often overlap with workplace violence prevention. We’ll also look at how insider threats can impact strategic systems, including critical infrastructure, defense and intelligence, financial institutions, healthcare, and beyond. Insider threat is larger than the IT department or organization itself. It is a significant element of overall security, including national security and public safety. Insider threat isn’t just an organizational problem—it can touch anyone. Understanding these threats helps you recognize warning signs, take preventive action in your own workplace, and contribute to safety, security, and resilience on a broader scale.

Module 5: Organizational Culture and Dynamics

This module explores how workplace culture, management practices, and overall organizational dynamics can affect insider risk. We’ll talk about what a “security-conscious” culture looks like versus a toxic culture, and why “tone from the top” is so important. We’ll also cover practical steps organizations can take to encourage employees to report concerns and follow security best practices. Additionally, we’ll highlight some resources (from government and industry) that organizations can use to build robust insider risk programs. Prevention is not just about vetting and watching people, but also about shaping an environment where insiders are less likely to go rogue and more likely to be caught if they do.

Module 6: Insider Risk Management

Insider risk management benefits greatly from established frameworks that bring structure and consistency to how organizations approach the problem. These frameworks move security efforts from guesswork to proven practice—helping organizations avoid blind spots, prioritize resources, and respond effectively to incidents . They also benefit individual workers within the organization by explaining how and why security decisions are made—everything from access privileges to workplace culture. This module introduces some key frameworks used in insider threat programs, such as the NIST Cybersecurity Framework and the MITRE Insider Threat Framework, and how they can be applied or adapted to insider risk. We’ll also look at how modern programs integrate social science within these technical frameworks. Finally, we’ll discuss the importance of keeping these programs up-to-date, incorporating the latest research and adjusting to evolving and emerging threats.