One of the most critical problems facing the information security community is the threat of a malicious insider abusing his computer privileges to modify, remove, or prevent access to an organization's data. An insider is considered trusted (at least implicitly) by his organization because he is granted access to its computing environment. Whether or not that insider is in fact trustworthy is a question that lies at the heart of the insider threat problem. Complicating this problem is the fact that there is no "one size fits all" description of a malicious insider. Motivations, objectives, cyber expertise, system privileges all can and do vary from one case to the next.