Posted on by Insider Threatin
The National Insider Threat Center (NITC) at the CERT Division of the SEI is developing an Insider Threat Program Evaluator (ITPE) Training course based on the methods and techniques the NITC currently uses to conduct Insider Threat Program Evaluations. This three-day, instructor-led, classroom-based, certificate training program presents strategies for measuring and evaluating an operational insider threat program within an organization. The first course will be offered in March 2018.
Organizations, including the federal government, are increasingly recognizing the need to counter insider threats and are doing it through specially focused teams. Several mandates for the federal government have been set forth in recent years including:
The NITC has developed and used an Insider Threat Program Evaluation instrument over the past five years. This instrument assesses the robustness of an organization's program to prevent, detect, and respond to insider threats and provides recommendations for enhancing the program's effectiveness. In the long term, the evaluation results help organizations reduce exposure to damage from potential insider threats and strengthen their insider threat programs.
The NITC is in the process of developing the Insider Threat Program Evaluator (ITPE) Training course based on the methods and techniques it currently uses to conduct insider threat program evaluations. The course will use scenario-based exercises to show participants how to evaluate an insider threat program. Topics of exercises and discussions include techniques and templates for evaluation preparation and execution; processes for engagement, planning, data collection, scoring, and report development; and group discussions and summarized lessons learned for each exercise.
The NITC Insider Threat Program Evaluation criteria are based on both the NITTF minimum standards and NITC best practices1 developed over its almost 20 years of research and experience in the insider threat domain, along with its continuous work helping organizations build or improve their insider threat programs.
Participants will learn about all the components of a robust insider threat program, shown below, and how to compare them to the ITPE benchmark criteria. The instrument scores along a continuum that starts with meeting the NITTF and NISPOM minimum requirements and specific NITC practices. It ends with having an exceptional set of measures or practices in place.
Figure 1: Components of an Insider Threat Program
This training is for insider threat program managers, evaluators, and team members and for those interested in licensing the CERT methodology and tools to perform an Insider Threat Program Evaluation. This course may also benefit those working in auditing or risk management.
The ITPE certificate program will enable evaluators to help organizations better understand the effectiveness of their established insider threat programs. Organizations will have the ability to license the CERT Insider Threat Program Evaluation methodology for internal use or to evaluate the effectiveness of other programs.
Participants who complete the course will be able to
The Insider Threat Program Evaluator Training joins other NITC insider threat training and certificate programs:
For more information on upcoming course dates and to register for an upcoming course, please visit https://cert.org/insiderthreat.
1 Various NITC best practices are discussed in the following resources: The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud); Common Sense Guide to Mitigating Insider Threats (5th Ed.); and other publications located on the CERT Division web site: https://www.cert.org/insider-threat/publications/index.cfm