The cornerstones of any insider threat program (InTP) are a formal training and awareness curriculum and a defined set of educational activities. A successful InTP requires multiple levels of training for different parts of the organization and different types of employees. Of course, any training program should fit within the mission and culture of the implementing organization and should leverage existing expertise and processes.
Hi, this is Robin Ruefle, team lead of the Organizational Solutions group in the CERT Insider Threat Center. In this week's blog post I'm providing an overview of the types of training that should be considered as part of an effective InTP. Even if you don't have a formal program, you may still want to think about implementing some of these training ideas.
The purpose of an insider threat training and awareness program can be twofold:
The CERT Insider Threat Center recommends five types of training:
Besides foundational training in these areas, periodic refreshers and ongoing activities, such as newsletters, seminars, or training exercises, help to keep insider threat considerations in focus day-to-day for employees.
Key to any InTP training program is ensuring that employees understand how malicious insiders might target them and how insider threat activities might impact their work and their organization's mission. Formal processes for developing, tracking, and updating training, along with designated leads who can plan and implement training strategies, help to keep content fresh and staff engaged.
More in-depth information on building these components of a formal insider threat training and awareness program can be found in the courses that are part of our Insider Threat Program Manager Certificate Program. The training provided as part of this program covers all the important steps of implementing an InTP in your organization.
If you have questions or comments about this post or this blog series, let us know.