Posted on by Insider Threatin
Increasingly, organizations, including the federal government and industry, are recognizing the need to counter insider threats and are doing it through specially focused teams. The CERT Division National Insider Threat Center (NITC) offers an Insider Threat Program Manager certificate to help organizations build such teams and supports programs that are flexible, based on best practices, and tailored to the unique circumstances of individual organizations.
Insiders pose a substantial threat to organizations because they have the knowledge and access to proprietary systems, data, and facilities that allow them to bypass security measures through legitimate means. The nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for prevention and mitigation.
In January 2011, the federal Office of Management and Budget (OMB) released memorandum M-11-08, Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems. The memorandum announced the evaluation of the insider threat safeguards of government agencies. This action by the federal government highlights the pervasive and continuous threat to government and private industry from insiders, as well as the need for programs that mitigate this threat.
In October 2011, then President Obama signed Executive Order (E.O.) 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. The executive order requires all federal agencies that have access to classified information and systems to have a formal insider threat program.
In May 2016, the Department of Defense (DoD) released Change 2 to the National Industrial Security Program Operating Manual (NISPOM). This change, which came in the wake of a number of high-profile insider incidents involving government contractors, requires cleared federal government contractors to establish and maintain an insider threat program, meeting many of the requirements of E.O. 13587.
A formalized insider threat program as outlined in these documents provides an organization with a designated resource to address the problem of insider threat. Such a program sets the tone for the organization and creates a focal point for awareness about insider threats.
A successful insider threat program includes
Although both sets of requirements coming out of E.O. 13587 and the NISPOM focus on having an insider threat program that protects classified information and systems, it is widely recognized in the security community that a comprehensive, robust program should focus on all types of insider threat activity, beyond espionage and national security, integrating data from outside of classified networks and facilities. This means building a program to also deter, detect, and respond to activities by malicious and unintentional insiders that involve IT sabotage, intellectual property theft, fraud, unintentional disclosure of sensitive or proprietary or PII data, and acts of physical harm including workplace violence.
The NITC Insider Threat Program Manager Certificate can help organizations satisfy the requirements of E.O. 13587 and the NISPOM, along with providing guidance on building a broader, enterprise-focused program. The certificate program content and guidance is based on
The certificate program has four components:
After successfully completing all four components of the certificate program, the participant is awarded an electronic professional certificate.
This certificate program helps participants understand
The main audience for the certificate program is
However, the certificate program may also be of interest to others who
Upon completion of this certificate program, participants will be able to
More information on this certificate program can be found at https://cert.org/insiderthreat/insider-threat-program-manager-itpm-certificate.cfm.
Information on general NITC insider threat training can be found at https://cert.org/insiderthreat/index.cfm.
Visit the SEI Digital Library for other publications by Robin.