Posted on by Insider Threatin
The CERT National Insider Threat Center (NITC) has recently developed an Insider Threat Analyst Training course. This three-day, instructor-led, classroom-based course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. Students learn various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. The course includes instructor lectures and group discussions, as well as hands-on exercises with data to identify potential insider activity.
People with authorized access to organizational resources pose significant, often-overlooked risks to an organization's critical assets. According to the U.S. State of Cybercrime Survey, insiders were the largest source of compromise of customer, employee, and other confidential records, as well as exposure of sensitive information.
Organizations have responded: about 50% of recently surveyed organizations have an insider threat program, and an additional 36% are building one. Within these programs, one of the most critical roles is the insider threat analyst, who patrols the front lines of an organization's insider threat landscape.
That landscape can be dizzying: indicators of insider threat can hide in information streams from across the enterprise, and acting on them requires coordination of personnel and policy from different organizational units.
The NITC's new Insider Threat Analyst Training course prepares these personnel to understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. The course shows how to work with data from multiple sources to develop indicators of potential insider activity. It also teaches strategies for developing and implementing an insider threat analysis and response workflow that incorporates expertise and capabilities from across an organization.
The Insider Threat Analyst Training is based on research by the SEI's CERT Division on more than 1,300 actual incidents. The Software Engineering Institute partners on this work with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.
Participants who complete the course will be able to
The course is designed for current or potential insider threat analysts, insider threat program managers, and other insider threat program team members. Others can also benefit: those who interact and support an insider threat program team (for example, IT, information security, human resources, physical security, legal, software engineering, and data owners), as well as anyone who wants to learn more about developing technical solutions for insider threat mitigation.
The Insider Threat Analyst Training joins other NITC insider threat training and certificate programs:
For more information on upcoming course dates, and to register for an upcoming course, please visit https://cert.org/insiderthreat.
Visit the SEI Digital Library for other publications by Daniel.