Abstract

Insider attacks represent a significant threat in today's information security landscape, causing substantial financial and reputational damage to organizations. This article addresses the increasing need for effective strategies to predict, detect, and control insider threats. The primary motivation behind this research is the growing prevalence and cost of insider attacks, as highlighted by various reports. Our objective is to provide a systematic mapping of existing literature to evaluate the current state of insider threat management and identify gaps and opportunities for future research. To achieve this, we employed a systematic mapping methodology, analyzing literature from databases such as Web of Science, Scopus, and IEEE Xplore. The key stages of our methodology included defining research questions, generating search strings, applying inclusion and exclusion criteria, and conducting detailed data extraction and analysis. The main result of our study reveals that while a significant portion of the literature focuses on detection measures, there is a notable gap in predictive and preventive strategies. Additionally, the majority of proposed solutions are models and frameworks, with fewer practical tools available for real-world implementation. This research provides a comprehensive overview of the current landscape of insider threat management, highlighting the critical need for enhanced predictive and preventive measures. Our findings suggest that future research should prioritize developing robust, adaptive solutions that integrate multiple methodologies to effectively mitigate insider threats.