The cornerstones of any insider threat program (InTP) are a formal training and awareness curriculum and a defined set of educational activities. A successful InTP requires multiple levels of training for different parts of the organization and different types of employees. Of course, any training program should fit within the mission and culture of the implementing organization and should leverage existing expertise and processes.

Hi, this is Robin Ruefle, team lead of the Organizational Solutions group in the CERT Insider Threat Center. In this week's blog post I'm providing a overview of the types of training that should be considered as part of an effective InTP. Even if you don't have a formal program, you may still want to think about implementing some of these training ideas.

The purpose of an insider threat training and awareness program can be twofold:

1. increase awareness about the threat posed by insiders and the organization's InTP
2. provide skill and knowledge development for the staff involved in daily activities related to preventing, detecting, and mitigating insider threats

The CERT Insider Threat Center recommends five types of training:

1. General insider threat awareness training for all staff that provides insight into what insider threats are and how they should be reported and handled
2. Core training for InTP team members and governance bodies that covers how they should perform their key activities and functions, including related processes, tools, and policies
3. Role-based training for those involved in insider threat prevention, detection, and resolution, including but not limited to human resources, Information Technology, legal, physical security and personnel security staff
4. Specialized training for staff who access classified information that covers their responsibility to report suspicious behaviors, protect sensitive information, and follow information disclosure and data classification schemes
5. Specialized training for managers and supervisors that helps them understand their role in the InTP, identify behavioral precursors to malicious insider activities, coach and manage employees, and ensure employees get appropriate assistance as needed

Besides foundational training in these areas, periodic refreshers and ongoing activities, such as newsletters, seminars, or training exercises, help to keep insider threat considerations in focus day-to-day for employees.

Key to any InTP training program is ensuring that employees understand how malicious insiders might target them and how insider threat activities might impact their work and their organization's mission. Formal processes used for developing, tracking, and updating training along with having designated leads who can plan and implement training strategies helps to keep content fresh and staff engaged.

More in-depth information on building these components of a formal insider threat training and awareness program can be found in the courses that are part of our Insider Threat Program Manager Certificate Program. The training provided as part of this program covers all the important steps of implementing an InTP in your organization.

If you have questions or comments about this post or this blog series, let us know.