icon-carat-right menu search cmu-wordmark

Insider Risk Management: Measures of Effectiveness

This three-day, instructor-led course develops the skills and competencies needed to assess an organization's insider threat prevention, detection, and response capabilities; evaluate the effectiveness of formal insider threat and insider risk management programs; identify the maturity of an organization's insider risk management processes and practices; and develop tailored metrics for various aspects of insider threat and insider risk management program operation.

This training is based on the work of CERT Division researchers at the Software Engineering Institute (SEI). SEI researchers have been studying insider threats since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security (DHS), the U.S. Secret Service (USSS), other federal agencies, the intelligence community, private industry, academia, and the vendor community.

Course participants will learn how to apply the SEI's Insider Threat Vulnerability Assessment (ITVA), Insider Threat Program Evaluation (ITPE), Insider Risk Management Program Evaluation (IRMPE), and Goal, Question, Indicator, Metric (GQIM) methodologies to achieve their insider threat and insider risk management measurement objectives. This suite of methodologies provides reference models derived from over 20 years of research, experience building insider threat programs across both public and private sectors, and detailed knowledge of the strategies that can be used to develop customized metrics for numerous applications within insider risk management.

Successful completion of this course is a requirement for earning the Insider Risk Management Measures of Effectiveness (IRM-MoE) Certificate. (To learn more about the certificate and package pricing for its required courses, please visit this page: Insider Risk Management Measures of Effectiveness (IRM-MoE) Certificate.)

NOTE: If you have previously completed the prerequisite eLearning courses and wish to earn the IRM-MoE professional certificate, you must register for the IRM-MoE Examination. Online registration for the exam is available at Insider Risk Management Measures of Effectiveness Certificate Examination

Audience

  • Insider threat program practitioners (managers, analysts, etc.) looking for ways to measure the effectiveness of their insider threat and insider risk management capabilities
  • Security auditors looking for ways to extend or adapt their current auditing capabilities to comprehensively cover insider threats

Objectives

Participants who complete the course will be able to

  • Describe the phases of the ITVA, ITPE, and IRMPE assessment processes
  • Distinguish between capabilities, capability levels, capability level indicators, maturity levels, and maturity indicator levels
  • Scope assessments for particular critical assets or business processes
  • Develop assessment data-collection plans
  • Review collected data to determine its applicability as evidence, and map it to related capabilities and indicators
  • Score capabilities and indicators based on verification of collected data
  • Summarize and report assessment findings, including providing recommendations for enhancement
  • Develop customized measures of effectiveness for various aspects of insider threat and insider risk management planning, implementation, and operation

Topics

This course covers topics such as

  • ITVA, ITPE, and IRMPE assessment methodology lifecycles
  • ITVA, ITPE, and IRMPE components
  • ITVA, ITPE, and IRMPE question sets
  • Assessor knowledge, skills, and abilities
  • Assessment planning, preparation, and execution
  • Applying the GQIM process to insider threat and insider risk management program activities

Materials

Course methods include lectures, group exercises, and scenarios. Participants will receive a course notebook, case studies, and electronic course materials downloadable from the SEI Learning Portal. Participants attending in-person offerings in an SEI training facility are required to bring a laptop to be used only during course exercises.

Prerequisites

Before taking this course, you must complete the Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program courses as prerequisites.

We also strongly recommend that you take the Insider Threat Program Manager: Implementation and Operation course to provide additional background knowledge, but it is not a prerequisite.

 

IMPORTANT NOTICE:

Carnegie Mellon University/Software Engineering Institute offices will be closed for winter break, December 21, 2024-January 1, 2025. SEI course registrations received during this period will be confirmed and enrollment completed upon our return on January 2, 2025.

Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.