Skip to main content

ARLIS IRiSS Event #1 Sprout
State of Insider Threat and Insider Risk paradigms

This sprout was cleared for open publication September 8, 2021 by the Department of Defense Office of Prepublication and Security Review.
Download a pdf version of this summary here.

With the aim to extend the conversations started in IRiSS events, ‘sprouts’ are reaction-style commentary made by ARLIS individuals and teams based on the publicly released event summaries.

This sprout was written by William (Bill) Stephens as a response to the first IRiSS event summary: State of Insider Threat and Insider Risk paradigms (event 30 March 2021; sprout 7 May 2021). Shawn Janzen offered minor edits to the last sentence.


Doug Thomas, Matt Eanes, Dr. Natalie Scala, and Cy Genna collectively demonstrated the Insider Risk/Threat has come a long way from its inception, but remains quite far from being a mature enterprise and activity. From the conversation it was evident each speaker was very experienced and accomplished in managing risk in their organizations, and quite agile in the conversation. Interestingly, however, the panel members were inconsistent in their language. ‘Risk’ and ‘threat’ were used interchangeably; threat’ and ‘vulnerability’ were used interchangeably; and ‘risk’ and ‘consequence’ were sometime confused. Moreover, there was very little agreement in the group about measures of effectiveness and, on the part of at least one speaker, an unwillingness or inability to even identify a measure of effectiveness in their work. Confused language and lack of common measures are clear indicators of an enterprise and activity that has not yet instantiated strong standards and remains immature. If we are to shift from the paradigm from threat to risk, what are the next steps for the Insider Risk world to reach maturity, and with consistent agreement across the communities?