5. Insider Threats

According to Mohammed Nasser Al-Mhiqani et al. (2020), an insider threat is a malicious threat to a company that arises from persons within the company, such as workers, former employees, contractors, or business allies, who have inside knowledge about the company's security processes, data, and computer systems. Fraud, theft of sensitive or economically valuable information, theft of intellectual property, or sabotage of computer systems are all possible threats. The insider threat has become a well-recognised concern and one of the most significant cybersecurity threats. This suggests that these dangers need specialized detection systems, methodologies, and instruments, including the capacity to identify a malevolent insider accurately and quickly. Several studies on insider threat detection and associated topics have been presented to address this problem, and several were conducted to improve the conceptual understanding of insider risks. However, there are several limitations, including a lack of real-world examples, biases in drawing conclusions, which are a major concern and remain unknown, and the lack of a study that examines insider threats from a variety of perspectives and focuses on theoretical, technical, and statistical aspects. The survey aims to present a taxonomy of current insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to carry out attacks, as well as a review of notable recent works on insider threat detection, which covers the analysed behaviours, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Insider dangers have been studied in several real-life scenarios to compile statistical data on insiders. The people indicated above are misusing their access to the organization's network, and this survey exposes the issues experienced by other researchers and gives ideas to eliminate hurdles.
They put the company's networks, systems, and sensitive data at risk.

i. Departing employees - Employees who have left the firm involuntarily, such as those who have been laid off for a variety of reasons, are the most typical source of threats. When they are forced to quit the firm, they behave irrationally, resulting in infractions. Security evaders - Some employees may find ways to evade the organization's security processes for their own convenience. They pose a security threat because the workarounds they find are not secure.

ii. Malicious insiders - These are people who harbour bad feelings about the company. They can leak, edit, or destroy sensitive information held by the company.

iii. Inside agent - These are the people who have negative thoughts about the firm. They can leak, modify, or delete the company's important material.

iv. Third-party partners - These are the ones who are not on the company's payroll. They are the vendors, trainers, and suppliers who are given access to the company's network.

5.1. Sample Case

As an example of an insider threat, Vishwanath Akuthota, 27, of Albany, pleaded guilty today to causing harm to computers held by The College of St. Rose. On February 14, 2019, Akuthota admitted to inserting a "USB Killer" device into 66 PCs, as well as numerous computer monitors and computer-enhanced podiums owned by the college in Albany. When inserted into a computer's USB port, the "USB Killer" device sends a command to the computer's on-board capacitors, causing the computer's USB port and electrical system to be overloaded and physically destroyed. The FBI and APD investigated the matter, and Assistant US Attorney Wayne A. Myers is prosecuting it.

At the end of December 2019, a security researcher uncovered a publicly available Microsoft customer support database with 250 million items gathered over 14 years. Customers' emails and IP addresses, customers' geographical locations, and notes made by Microsoft support personnel were all included in the database. The database's rules were misconfigured by Microsoft workers, resulting in the unintentional release.

5.2. Source of Evidence

According to Ryan Duquette (2016), reviewing the log data of all workers who are expected to leave the organization shortly might be a source of proof. This proof may be obtained via a user data analytics system, which records, among other things, all of a user's internet and intranet activity from inside the organization's network. This will tell whether the user has been browsing harmful websites.

Security evaders - According to Routledge (2022), the analysis of network logs of all actions that occur on the network is another source of evidence. All zip files, for example, should be intercepted, as should all files larger than a specific size. A collection of possibly suspicious filename extensions should also be captured.

According to M.S. Vinay (2022), most insider threat detection systems use supervised learning models to identify malevolent insiders from insider activity audit data. It is critical for managers to maintain checks on their teams. This may aid in the prevention of such incidents. Here again, the log files should be examined and a user data analytics system employed. The assessment of a watchlist of workers submitted by the HR team to the IT security team might be a source.

Based on Yasmin Razack (2022), apart from verifying the log fields, it is crucial to do a complete background check on new personnel. Employees who are suspected might again be put on a watchlist. External parties hire these personnel to steal or corrupt an organization's data. These personnel may seek retaliation against a company by damaging or selling its data or disrupting operations. Employees who purposefully exploit sensitive company information for personal advantage are known as snoopers.
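The interception rules listed above for security evaders (zip files, files over a size limit, suspicious extensions), combined with the HR watchlist, can be run over transfer logs as in the following added example, which is not part of the original page. The log format, the 50 MiB limit, the extension list and the watchlist entry are all assumptions made for illustration.

```python
import csv
import io
import os

# Constructed sample records (not real data): timestamp,user,filename,bytes
SAMPLE_LOG = """\
2022-08-01T09:12:03,asmith,q3_report.docx,48211
2022-08-01T09:40:17,bjones,customers.zip,73400320
2022-08-01T10:02:55,bjones,notes.txt,912
2022-08-01T11:15:40,cdoe,archive.tar.7z,1048576
2022-08-01T13:27:09,asmith,db_dump.sql,268435456
2022-08-01T14:03:31,cdoe,Payroll.ZIP,n/a
"""

# Assumed policy values; the page gives no concrete numbers or extensions.
SIZE_LIMIT = 50 * 1024 * 1024
SUSPICIOUS_EXT = {".7z", ".rar", ".pst", ".sql", ".bak"}
WATCHLIST = {"bjones"}  # hypothetical HR-supplied watchlist
FIELDS = ["timestamp", "user", "filename", "bytes"]


def reasons_for(row):
    """Return the list of interception rules a transfer record matches."""
    ext = os.path.splitext((row["filename"] or "").lower())[1]
    size = (row["bytes"] or "").strip()
    reasons = []
    if ext == ".zip":
        reasons.append("zip")
    if not size.isdecimal():
        reasons.append("size-unknown")  # unparseable size: review manually
    elif int(size) > SIZE_LIMIT:
        reasons.append("size")
    if ext in SUSPICIOUS_EXT:
        reasons.append("extension")
    return reasons


def flag_transfers(log_text, watchlist=WATCHLIST):
    """Flag records matching any rule; watchlisted users get high priority."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        reasons = reasons_for(row)
        if reasons:
            priority = "high" if row["user"] in watchlist else "normal"
            findings.append((row["timestamp"], row["user"], row["filename"],
                             reasons, priority))
    # High-priority findings first, then chronological order.
    return sorted(findings, key=lambda f: (f[4] != "high", f[0]))
```

Calling `flag_transfers(SAMPLE_LOG)` returns four findings; the record with an unparseable size is kept for manual review rather than silently dropped.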

5.3. Collection of Evidence

According to Ryan Duquette (2016), the logs of the user data analytics system may be used as a source of proof. This system might be built to employ AI/machine learning so that it proactively gathers all important data. According to Routledge (2022), the log files of the network communication interceptors can be collected or, alternatively, the logs of firewalls that are used to monitor email servers or online traffic. According to M.S. Vinay (2022), when analysing user data, the log files of employees on the watchlist are kept. These log files come from the user data analytics system's logs. Based on Yasmin Razack (2022), the user data analytics log files of employees who have been put on a watchlist are collected. Employees who are on a watchlist are more likely to be malicious. Third-party collaborators - Examining CCTV video and the user analytics system's log files.

5.4. Protection of Evidence

According to Ryan Duquette (2016), to establish a chain of custody for legal reasons, the evidence in the log files may be encrypted and sent on to the appropriate institutions. According to Routledge (2022), once again, evidence in log files may be encrypted and handed on to the appropriate parties to preserve a legal chain of custody. According to M.S. Vinay (2022), proof in the log files, as well as evidence of the workers' previous records, may be retained and handed on to the appropriate parties. Based on Yasmin Razack (2022), information from the two sources, the log files and the watchlist of dissatisfied employees, is correlated. Third-party partners - CCTV video records may be saved and utilised as evidence.
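The page names encryption as the way to protect log evidence in transit. As an added example that is not from the original page or its sources, the sketch below shows a complementary integrity record for the chain of custody: each hand-off stores the SHA-256 of the evidence and is hash-linked to the previous record. The record fields, actor names and timestamps are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed stand-in for an exported log file (not real data).
EVIDENCE = b"2022-08-01T09:40:17,bjones,customers.zip,73400320\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field of a record except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def add_entry(chain, evidence, action, actor, when):
    """Append a custody record linked to the previous record's hash."""
    entry = {"evidence_sha256": sha256_hex(evidence), "action": action,
             "actor": actor, "when": when,
             "prev": chain[-1]["entry_hash"] if chain else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    chain.append(entry)
    return entry


def verify(chain, evidence):
    """Return -1 if the chain is intact and matches the evidence,
    otherwise the index of the first record that fails."""
    prev, digest = GENESIS, sha256_hex(evidence)
    for i, entry in enumerate(chain):
        if (entry["prev"] != prev
                or entry["entry_hash"] != entry_digest(entry)
                or entry["evidence_sha256"] != digest):
            return i
        prev = entry["entry_hash"]
    return -1


def build_sample_chain():
    """Hypothetical hand-offs: collection, encryption, delivery."""
    chain = []
    add_entry(chain, EVIDENCE, "collected", "it-security", "2022-08-02T10:00Z")
    add_entry(chain, EVIDENCE, "encrypted for transfer", "it-security",
              "2022-08-02T10:05Z")
    add_entry(chain, EVIDENCE, "received", "legal", "2022-08-02T15:30Z")
    return chain
```

`verify` returns -1 for an untouched chain and evidence file; altering either the evidence or any stored record makes it return the index of the first record that no longer checks out.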

My findings show that it is critical to implement a User Data Analytics system on the organization's internal network. It will enable us to examine all the workers' use patterns, including, for example, the websites they visit. They may be placed on a watchlist if they visit dangerous websites.

Author: Jorden Griffin
