The Insider Threat Matrix™ (ITM) is designed to help investigators map the trajectory of an insider incident—both before and after an infringement. It provides a structured approach to categorizing evidence and articulating the motive, means, and methods used by subjects of insider investigations.
The ITM unifies diverse concepts and terminology for digital investigators, offering a common language that bridges people, processes, and technology. Its goal is to improve how we address the growing challenge of computer-enabled insider threats.
The Insider Threat Matrix™ is a living framework, continuously evolving as new insights and research emerge. If you believe you can contribute to its development, please submit your input here.
This repository contains a single JSON file representing the complete Insider Threat Matrix™.
The Insider Threat Matrix™ (ITM) is an open, freely accessible investigative framework that provides a structured, practitioner-led approach to insider threat investigation and response. Sponsoring organizations sustain its ongoing development, curation, and infrastructure, while the framework remains independent of commercial influence. Governance and stewardship are maintained by Forscie, which ensures the framework adheres to established investigative standards and remains vendor-neutral. Sponsorship does not grant editorial control or influence over content; instead, it enables the continued evolution and public availability of the ITM without shaping its substance or direction.
More information and contact details can be found here: https://insiderthreatmatrix.org/sponsors
Above Security - https://www.above.security/