Software Engineering Institute

To ensure continued excellence in identifying security posture, measuring the capabilities of formal insider threat and insider risk management programs, and characterizing processes and practices that mature insider risk management programs, the SEI objectively validates the student's understanding and eligibility to receive the CERT Insider Risk Management Measures of Effectiveness (IRM-MoE) Certificate.

The certificate examination evaluates the student's comprehension of insider threat definitions, issues, and types, as well as prevention, detection, and response strategies. In particular, the examination assesses the student's understanding of how to measure the effectiveness of a formal insider threat program, how to design and implement an insider risk management assessment methodology, and how to develop a system to capture traceable measurements back to the strategic goal of the organization to show the effectiveness of the insider risk program.

Learners can begin the online exam at any time. Once the examination is started, the learner will have 6 total hours to complete the examination.

After completing the certificate, participants may choose to be listed on the SEI website as an SEI Certificate Holder.

This validation exam is required for insider threat program professionals who wish to pursue the Software Engineering Institute's Insider Risk Management Measures of Effectiveness Professional Certificate.

Participants must achieve a minimum passing score of 80% for the Insider Risk Management Measures of Effectiveness Professional Certificate.

This exam covers topics such as

• ITVA, ITPE, and IRMPE assessment methodology lifecycles
• ITVA, ITPE, and IRMPE components
• ITVA, ITPE, and IRMPE question sets
• Assessor knowledge, skills, and abilities
• Assessment planning, preparation, and execution
• Applying the GQIM process to insider threat and insider risk management program activities

The exam is based on instruction provided in the Overview of Insider Threat Concepts and Activities, Building an Insider Threat Program, and Insider Risk Management: Measures of Effectiveness. You can reference the course materials as needed during the exam. Please keep in mind that the test will conclude after 6 total hours regardless of the number of questions answered.

Before registering for this exam, participants must complete the prerequisite courses: Overview of Insider Threat Concepts and Activities, Building an Insider Threat Program, and Insider Risk Management: Measures of Effectiveness.

To access the SEI Learning Portal, your computer must have the following:

• For optimum viewing, we recommend using the following browsers: Microsoft Edge, Mozilla Firefox, Google Chrome, Safari
• These browsers are supported on the following operating systems: Microsoft Windows 8 (or higher), OSX (Last two major releases), Most Linux Distributions
• Mobile Operating Systems: iOS 9, Android 6.0
• Microsoft Edge, Firefox, Chrome and Safari follow a continuous release policy that makes difficult to fix a minimum version. For this reason, following the market recommendation we will support the last 2 major version of each of these browsers. Please note that as of January 2018, we do not support Safari on Windows.