Learn from a Trusted Partner
Our research partners include the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, as well as other federal agencies, the intelligence community, private industry, academia, and the vendor community.
As part of Carnegie Mellon University’s Software Engineering Institute, a Federally Funded Research and Development Center (FFRDC), we are uniquely positioned as a trusted broker and have been assisting the community for over a decade.
Learn more about Insider Threat research.
Fulfill Executive Order 13587
President Obama's Executive Order 13587 requires federal agencies that operate or access classified computer networks to implement an insider threat detection and prevention program.
Proposed changes to the National Industrial Security Program Operating Manual (NISPOM) would require the same of contractors that engage with such federal agencies.
Our certificate programs can help organizations satisfy the requirements of this order with sophisticated, flexible insider threat programs that are tailored to the unique circumstances of individual organizations.
The need for qualified experts to support organizations in the development and operation of insider threat programs is now greater than ever. To meet this growing demand, we are developing new solutions to transition our important research and enable others to also provide this critical support.
These programs are based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001.
We describe the insider threat solutions we've developed below. Download our CERT Cybersecurity Training and Education catalog to see the full range of training and certificate programs we offer.
Who Should Attend
These programs are for individuals in government and industry organizations that are looking to build, assess, or evaluate an insider threat program, while protecting the privacy and civil liberties of their employees.
This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed...
Insider Threat Awareness Training (ITAT)
What are “insider threats?” They can put your organization at risk—and put you at risk, too. How can you protect yourself and your organization? Take this training to become familiar with essential concepts of insider threat and your role in protecting your organization’s critical assets.
The SEI’s Insider Threat Awareness Training is based on 14 years of research conducted by the CERT Insider Threat Center with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, and other key partners in federal agencies, the intelligence community, private industry, academia, and the vendor community.
All employees at organizations of any size could benefit from this training, which complies with the guidance provided in a number of government mandates including Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).
Insider Threat Program Manager (ITPM)
The ITPM certificate program will assist insider threat program managers developing a formal insider threat program. The certificate will cover areas such as insider threat planning, identification of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and how to effectively implement and operate the program within the organization.Learn More
Available Late Spring 2016
Insider Threat Program Evaluator (ITPE)
Insider Threat Vulnerability Assessor (ITVA)
The ITVA program enables assessors to help organizations gain a better understanding of their insider threat risk and an enhanced ability to identify and manage associated risks. The assessment methodology assists organizations by measuring how prepared they are to prevent, detect, and respond to the insider threat. Organizations will have the ability to license the CERT Insider Threat Vulnerability Assessment tool for internal use or to assess others for potential vulnerabilities.Learn More
"...23% of enterprises have experienced insider-driven data breaches."
"Regardless of the technology in place to protect data, people still represent the biggest threat."
"The insider threat is alive, thriving and often responsible for major data breaches that expose everything from consumer credit-card information to valuable intellectual property...."
What is Insider Threat?
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
How We Identify Insider Threat
The CERT Insider Threat Center conducts empirical research and analysis to develop and transition sociotechnical solutions to combat insider cyber threats. The foundation of our work is our database of more than 1000 insider threat cases. We use system dynamics modeling to characterize the nature of the insider threat problem, explore dynamic indicators of insider threat risk, and identify and experiment with administrative and technical controls for insider threat mitigation.
How We Combat Insider Threat
The CERT insider threat lab provides a foundation to identify, tune, and package technical controls as an extension of our modeling efforts. We have developed an assessment framework based on data from cases of fraud, theft of intellectual property, and IT sabotage. This framework helps organizations identify their technical and nontechnical vulnerabilities to insider threats as well as executable countermeasures.