Our research partners include the Department of Defense, the
Department of Homeland Security, the U.S. Secret Service, as well as
other federal agencies, the intelligence community, private industry,
academia, and the vendor community.
As part of Carnegie Mellon University’s Software Engineering
Institute, a Federally Funded Research and Development Center (FFRDC),
we are uniquely positioned as a trusted broker and have been assisting
the community for over a decade.
President Obama's Executive Order 13587 requires federal agencies that operate or access classified computer networks to implement an insider threat detection and prevention program.
Proposed changes to the National Industrial Security Program Operating Manual (NISPOM) would require the same of contractors that engage with such federal agencies.
Our certificate programs can help organizations satisfy the requirements of this order with sophisticated, flexible insider threat programs that are tailored to the unique circumstances of individual organizations.
The need for qualified experts to support organizations in the development and operation of insider threat
programs is now greater than ever. To meet this growing demand, we are developing new solutions to
transition our important research and enable others to also provide this critical support.
These programs are based upon the research of the CERT Insider Threat Center of the Software
Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001
Who Should Attend
These programs are for individuals in government and industry organizations that are looking to build,
assess, or evaluate an insider threat program, while protecting the privacy and civil liberties of their
This training course supports organizations implementing and managing insider threat detection and
prevention programs based on various government mandates or guidance including: Presidential
Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed...
Insider Threat Awareness Training (ITAT)
What are “insider threats?” They can put your organization at
risk—and put you at risk, too. How can you protect yourself and your
organization? Take this training to become familiar with essential
concepts of insider threat and your role in protecting your
organization’s critical assets.
The SEI’s Insider Threat Awareness Training is based on 14 years of
research conducted by the CERT Insider Threat Center with the Department
of Defense, the Department of Homeland Security, the U.S. Secret
Service, and other key partners in federal agencies, the intelligence
community, private industry, academia, and the vendor community.
All employees at organizations of any size could benefit from this
training, which complies with the guidance provided in a number of
government mandates including Presidential Executive Order 13587, the
National Insider Threat Policy and Minimum Standards, and proposed
changes set forth in the National Industrial Security Program Operating
The ITPM certificate program will assist insider threat program
managers developing a formal insider threat program. The certificate
will cover areas such as insider threat planning, identification of
internal and external stakeholders, components of an insider threat
program, insider threat team development, strategies for effective
communication of the program, and how to effectively implement and
operate the program within the organization.
The ITPM certificate program will assist insider threat program managers developing a formal insider threat program. The certificate will cover areas such as insider threat planning, identification of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and how to effectively implement and operate the program within the organization.
The ITVA program enables assessors to help organizations gain a
better understanding of their insider threat risk and an enhanced
ability to identify and manage associated risks. The assessment
methodology assists organizations by measuring how prepared they
are to prevent, detect, and respond to the insider threat. Organizations
will have the ability to license the CERT Insider Threat Vulnerability
Assessment tool for internal use or to assess others for potential
"...23% of enterprises have experienced insider-driven data breaches."
InformationWeek Insider Threat Survey Report, March 2014
"Regardless of the technology in place to protect data, people still represent the biggest threat."
Alex Ryskin, IT director for the laser laboratories at the University of Rochester, NY. Quoted in Oak Ridge Laboratory's "Anatomy of an Insider Threat: Case Study in Human Vulnerabilities"
"The insider threat is alive, thriving and often responsible for major data breaches that expose everything from consumer credit-card information to valuable intellectual property...."
InformationWeek Insider Threat Survey Report, March 2014
What is Insider Threat?
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
The CERT Insider Threat Center conducts empirical research and analysis to develop and transition sociotechnical solutions to combat insider cyber threats. The foundation of our work is our database of more than 1000 insider threat cases. We use system dynamics modeling to characterize the nature of the insider threat problem, explore dynamic indicators of insider threat risk, and identify and experiment with administrative and technical controls for insider threat mitigation.
The CERT insider threat lab provides a foundation to identify, tune, and package technical controls as an extension of our modeling efforts. We have developed an assessment framework based on data from cases of fraud, theft of intellectual property, and IT sabotage. This framework helps organizations identify their technical and nontechnical vulnerabilities to insider threats as well as executable countermeasures.