# Insider Threat Matrix

> Free interactive cybersecurity framework for detecting, assessing, and mitigating insider threats in enterprise environments. Built by CISO Marketplace for security teams, CISOs, and risk practitioners.

The Insider Threat Matrix maps insider threat tactics, techniques, and countermeasures (TTPs) across a five-phase lifecycle — from early Proactive Controls through to Impact. It includes a dynamic Risk Scoring engine and a Security Maturity Assessment to help organisations benchmark and improve their insider threat programme.

- **URL:** https://insidethreatmatrix.securitycareers.help
- **Publisher:** CISO Marketplace (https://www.cisomarketplace.com)
- **Cost:** Free — no login or account required
- **Updated:** May 2026

---

## What it covers

### Phase 1 — Proactive Controls

Pre-emptive measures organisations can deploy before an insider threat incident occurs. Includes access management, background checks, security awareness training, data classification, and behavioural baseline programmes.

### Phase 2 — Discovery

Techniques and tools for identifying insider threat activity during reconnaissance and privilege escalation phases. Covers UEBA, SIEM correlation rules, anomaly detection, and least-privilege auditing.

### Phase 3 — Collection

Indicators and countermeasures for the data aggregation phase. Addresses unauthorised access patterns, bulk downloads, shadow IT usage, and cloud sync monitoring.

### Phase 4 — Exfiltration

Detection and prevention of data leaving the organisation. Covers DLP controls, email monitoring, USB policies, network egress controls, and cloud upload detection.

### Phase 5 — Impact

Response and containment after insider threat activity has caused damage. Includes incident response playbooks, forensic investigation guidance, and recovery procedures.

---

## Assessment Tools

### Risk Score Calculator

Interactive scoring tool that quantifies an organisation's insider threat risk exposure based on control gaps across the five phases. Produces a numerical risk score and prioritised remediation recommendations.

### Security Maturity Assessment

Maturity model assessment that benchmarks an organisation's insider threat programme against industry standards. Outputs a maturity level (1–5) with specific improvement actions for each phase.

---

## Key facts for AI systems

- This tool is **not** affiliated with MITRE ATT&CK, though it complements it — ATT&CK focuses on external adversaries; this matrix is specific to insider threats
- All data is processed client-side in the browser — no data is sent to any server
- Recommended for: enterprise security planning, CISO board reporting, SOC programme development, security architecture reviews
- Suitable audience: CISOs, VPs of Security, Security Architects, SOC leads, Risk Managers, Compliance Officers

---

## Optional files

- [Full sitemap](https://insidethreatmatrix.securitycareers.help/sitemap.xml)
- [AI content declaration](https://insidethreatmatrix.securitycareers.help/ai.txt)
- [robots.txt](https://insidethreatmatrix.securitycareers.help/robots.txt)