search menu icon-carat-right cmu-wordmark

InTP Series: Conclusion and Resources (Part 18 of 18)

CERT Insider Threat Center
• Insider Threat Blog
CERT Insider Threat Center

The intent of this blog series was to describe a framework that you could use as you build an insider threat program (InTP) in your organization. We hope you found it a useful resource and recommend that you refer back to it as you progress through the Initiation, Planning, Operations, Reporting, and Maintenance phases of building your InTP.

Hi, this is Randy Trzeciak, Technical Manager of the CERT Insider Threat Center in the CERT Division of the Software Engineering Institute. It is my privilege to write this final installment of the InTP blog series.

Keep in mind that building an effective InTP does not happen overnight. It is a long-term effort that needs to be incorporated into your enterprise-wide risk management program. It cannot be achieved simply by purchasing a tool or technology, although tools are an important component of an InTP. Start small by focusing on protecting what's most critical to your organization and gradually increase the scope of the InTP over time.

We recommend that you review the components of an InTP as you build one in your organization.


Establishing an Insider Threat Program (view full-size image)

InTP Guiding Principles

Throughout this blog series we acknowledge that we're not able to provide sufficient detail to provide everything you need to build your program, but we can point you to the resources you need.

If you are looking for in-depth training on how to build your program, would like to obtain an Insider Threat Program Manager Certificate, or would like our team to help you build or evaluate your program, please visit, or contact the SEI at 412-268-5800.

About the Author