Software Engineering Institute | Carnegie Mellon University

SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

InTP Series: Conclusion and Resources (Part 18 of 18)

Posted on by in

The intent of this blog series was to describe a framework that you could use as you build an insider threat program (InTP) in your organization. We hope you found it a useful resource and recommend that you refer back to it as you progress through the Initiation, Planning, Operations, Reporting, and Maintenance phases of building your InTP.

Hi, this is Randy Trzeciak, Technical Manager of the CERT Insider Threat Center in the CERT Division of the Software Engineering Institute. It is my privilege to write this final installment of the InTP blog series.

Keep in mind that building an effective InTP does not happen overnight. It is a long-term effort that needs to be incorporated into your enterprise-wide risk management program. It cannot be achieved simply by purchasing a tool or technology, although tools are an important component of an InTP. Start small by focusing on protecting what's most critical to your organization and gradually increase the scope of the InTP over time.

We recommend that you review the components of an InTP as you build one in your organization.


Establishing an Insider Threat Program (view full-size image)

InTP Guiding Principles

Throughout this blog series we acknowledge that we're not able to provide sufficient detail to provide everything you need to build your program, but we can point you to the resources you need.

If you are looking for in-depth training on how to build your program, would like to obtain an Insider Threat Program Manager Certificate, or would like our team to help you build or evaluate your program, please visit, or contact the SEI at 412-268-5800.

More from CERT Insider Threat Center


View other blog posts by CERT Insider Threat Center.

Other Publications

Visit the SEI Digital Library for other publications by .