Polyanichko M.A. —
Using technical indicators to identify insider threats
// Cybernetics and programming. – 2018. – № 6. – P. 40-47.
DOI: 10.25136/2644-5522.2018.6.27970
URL: https://en.e-notabene.ru/kp/article_27970.html
Abstract: Detecting and countering insider threats is a complex task faced by information security experts in both the commercial sector and government organizations. Modern organizations depend on information technology and their information assets, which makes the problem of confronting insiders all the more urgent. Insiders can be identified by introducing a combination of technical and organizational measures. The article proposes using data from the logs of information protection software and other monitoring tools to identify insider threats, and highlights a set of indicators that point to suspicious employee actions. The set of technical indicators proposed in the article can be used to build a system of logical rules or fuzzy inference rules that allow insiders in an organization to be identified. Introducing mechanisms for analyzing the proposed indicators will improve the efficiency of the information security administrator and help prevent incidents related to the realization of insider threats.