Insider Threat Program Manager (ITPM) Certificate

The ITPM certificate program will assist insider threat program managers developing a formal insider threat program. The certificate will cover areas such as insider threat planning, identification of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and how to effectively implement and operate the program within the organization.

Learners will have one year to complete each certificate component. Upon completing all certificate components, the learner is awarded an electronic certificate of completion.

Who Should Attend?

  • Insider Threat Program Team Members
  • Insider Threat Program Managers

Package

Register for all 4 certificate components at once and save:

  • $3000 – U.S. Government/Academia
  • $3500 – U.S. Industry
  • $4000 – International

The package option includes all components necessary to obtain the ITPM Certificate. Choose the date for the classroom component (Insider Threat Program Implementation and Operation) to register for the package:

Each of the above price options is available at one of the following offerings:

Components

  • Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats
  • E–Learning
  • This 5-hour course provides a deeper understanding of insider threat terminology, identifies the different types of insider threats, teaches how to recognize both technical and behavioral indicators, and outlines mitigation strategies.
  • Learn more about:
  • Prerequisites
  • Topics
  • Objectives
  • Materials
  • System Requirements
  • $350 Register
  • Building an Insider Threat Program
  • E–Learning
  • This 7-hour course is to provide a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program.
  • Learn more about:
  • Prerequisites
  • Topics
  • Objectives
  • Materials
  • System Requirements
  • $500 Register
  • Insider Threat Program Manager Certificate Exam
  • Online Exam
  • Candidate managers must successfully complete this exam to obtain the certificate. Once the examination is started, the learner will have 24 hours to complete the examination.
  • Learn more about:
  • Prerequisites
  • Topics
  • Objectives
  • Materials
  • System Requirements
  • $250 Register

Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats

E-Learning

This 5-hour online course provides a deeper understanding of insider threat terminology, identifies the different types of insider threats, teaches how to recognize both technical and behavioral indicators, and outlines mitigation strategies.

Please note that successful completion of this course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator Certificate Programs.

Prerequisites

There are no prerequisites for this course.

Topics

This online course contains five (5) hours of video instruction presented by experts from the CERT Insider Threat Center. Additionally, the course includes questions to confirm and reinforce your understanding of the concepts presented. The topics you will study are:

  • Insider Threat definitions, issues, and types
  • Severity and impact of insider threat activity
  • Fraud: examples, dynamics, technical aspects, and countermeasures
  • Theft of Intellectual Property: examples, dynamics, exfiltration, and mitigation
  • Unintentional Insider Threat
  • Insider Threat Prevention, Detection, and Mitigation Strategies

Objectives

At the completion of the course, learners will be able to:

  • Define an Insider and threats they impose to critical assets
  • Recognize the difference between malicious versus unintentional insider threat
  • Recognize the most common types of insider threat
  • Identify the prevalence and damage caused by insider threat activity
  • Identify legislation enacted to help prevent insider threat
  • Describe the activity, behavioral and technical precursors, and characteristics of fraud and theft of intellectual property
  • Recognize and avoid unintentional insider threat
  • Recognize controls to potentially prevent insider attacks
  • Identify best practices for insider threat mitigation
  • Recognize the purpose of an Insider Threat Program

Materials

This course is presented in the form of video instruction presented by experts from the CERT Insider Threat Center. Self-assessments following each topic presented assist with comprehension of the subject matter. Learners will also be able to access additional resources related to the subject matter and a downloadable copy of the course presentation slides.

System Requirements

The CERT STEPfwd (Simulation, Training, and Exercise Platform) is a flexible, multi-media, e-learning environment that you can access anywhere, anytime. To use STEPfwd effectively, you need the following:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Web browsers: Internet Explorer 7+ or Firefox 3+
  • Adobe Flash version 10+ (for Lecture and Demo access)
  • JRE Version 6+ (for lab access)
  • Computer system and network settings that allow access to streaming video from internet sources
  • Minimum client resolution of 1280x1024 to enable proper Video and Lab Player display
  • Internet connection of 384 Kbps or greater (to sustain downloads with no more than 230 ms of latency). STEPfwd does not currently support off-line viewing or content download

Back to Top

Insider Threat Program Implementation and Operation

Classroom

This 3.5-day classroom course builds upon the initial concepts presented in the prerequisite courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components.

Please note that successful completion of this course is a required component of the Insider Threat Program Manager Certificate Program. This course is also recommended for anyone pursing the certificates for the Insider Threat Vulnerability Assessor or Insider Threat Program Evaluator, but is not required.

Prerequisites

Before taking this course, participants who are completing the Insider Threat Program Manager Certificate Program must first take these courses:

  • Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats
  • Building an Insider Threat Program

Topics

The course covers topics such as:

  • Building the Insider Threat Program Framework
  • Developing an enterprise-wide approach and interdisciplinary project team
  • Building or enhancing policies and processes to include insider threat program considerations
  • Identifying critical asset and protection needs
  • Identifying risks to assets from insiders and enhancing any risk management program to take into account risks from insiders
  • Enhancing organizational training and awareness programs to include insider threat
  • Enhancing organizational infrastructures to support the Insider Threat Program by determining what defenses are needed, and where enhancements are necessary
  • Building the data collection and analysis function for both technical and behavioral data
  • Identifying data sources and priorities
  • Building a Roadmap for implementation
  • Considerations for operations
  • Future improvements to the program

Objectives

At the completion of the course, learners will be able to:

  • Identify critical assets and protection schemes
  • Coordinate a cross-organizational team to help develop and implement the Insider Threat Program
  • Develop a framework for their Insider Threat Program
  • Identify methods to gain management support and sponsorship
  • Plan the implementation for their Insider Threat Program
  • Identify organizational policies and processes that require enhancement to accommodate insider threat components
  • Identify data sources and priorities for data collection
  • Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program
  • Outline operational considerations and requirements need to implement the program
  • Build policies and processes to help hire the right staff, develop an organizational culture of security
  • Improve organizational security awareness training
  • Identify training competencies for insider threat team staff

Materials

Course methods include lecture, group exercises, and scenario completion. Participants will receive a course notebook, case studies and a CD containing the course and supplemental materials.

Schedule

This 3.5-day course meets at the following times:

Days 1-3
8:30 a.m. - 4:30 p.m.

Day 4
8:30 a.m. - 1:00 p.m.

Back to Top

Building an Insider Threat Program

E-Learning

This 7-hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program.

Please note that successful completion of this course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator Certificate Programs.

Prerequisites

There are no prerequisites for this course. However, students are strongly advised to take Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats first to insure a thorough understanding of the course content.

Topics

This online course contains seven (7) hours of video instruction presented by experts from the CERT Insider Threat Center. Additionally, the course includes questions to confirm and reinforce your understanding of the concepts presented. The topics you will study are:

  • Components of an Insider Threat Program
  • Requirements for a formal program
  • Organization-wide participation
  • Oversight of program compliance and effectiveness
  • Integration with enterprise risk management
  • Prevention, detention and response infrastructure
  • Insider Threat training and awareness
  • Confidential reporting procedures and mechanisms

Learners will have one year to complete the course. Upon completing all course elements, the learner is awarded an electronic certificate of course completion.

Objectives

At the completion of the course, learners will be able to:

  • State the key components and principles of a formalized insider threat program
  • Identify the critical organizational entities that must participate in the development, implementation, and operation of the program
  • Begin or enhance their strategic planning for developing and implementing a formalized insider threat program
  • Create an implementation plan and roll-out
  • Identify the type of staff and skills needed as part of the insider threat program operational team
  • Identify the types of policies and procedures needed to institutionalize the insider threat program
  • Identify existing organizational policies and procedures which require enhancement to support the insider threat program activities
  • CMU SEI CERT Division Digital Library Blogs
  • Determine the types of infrastructure requirements needed to support the insider threat program operations
  • Identify the type of governance and management support needed to sustain a formal insider threat program

Materials

This course is presented in the form of video instruction presented by experts from the CERT Insider Threat Center. Self-assessments following each topic presented assist with comprehension of the subject matter. Learners will also be able to access additional resources related to the subject matter and a downloadable copy of the course presentation slides.

System Requirements

The CERT STEPfwd (Simulation, Training, and Exercise Platform) is a flexible, multi-media, e-learning environment that you can access anywhere, anytime. To use STEPfwd effectively, you need the following:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Web browsers: Internet Explorer 7+ or Firefox 3+
  • Adobe Flash version 10+ (for Lecture and Demo access)
  • JRE Version 6+ (for lab access)
  • Computer system and network settings that allow access to streaming video from internet sources
  • Minimum client resolution of 1280x1024 to enable proper Video and Lab Player display
  • Internet connection of 384 Kbps or greater (to sustain downloads with no more than 230 ms of latency). STEPfwd does not currently support off-line viewing or content download

Back to Top

Insider Threat Program Manager Certificate Exam

Online Exam

This validation exam is required for insider threat program managers who wish to pursue the Insider Threat Program Manager Certificate.

To ensure continued excellence in Insider Threat program development, implementation, and operation, the SEI objectively validates the student's understanding and eligibility to receive the Insider Threat Program Manager (ITPM) Certificate. The certificate exam evaluates the student's comprehension of insider threat planning, identification and responsibilities of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and effective implementation and operation of the program within the organization.

Learners can begin the online exam at any time. Once the examination is started, the learner will have 24 hours to complete the examination.

Prerequisites

Before registering for this exam, participants must complete these prerequisite courses:

  • Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats
  • Building an Insider Threat Program
  • Insider Threat Program Implementation and Operation.

Topics

The exam consists of 65 multiple choice questions. Each question has either four or five possible answers, only one of which is correct. The exam covers the following topic areas:

  • Insider Threat definitions, issues, and types
  • Severity and impact of insider threat activity
  • Fraud: examples, dynamics, technical aspects, and countermeasures
  • Theft of Intellectual Property: examples, dynamics, exfiltration, and mitigation
  • Unintentional Insider Threat
  • Insider Threat Prevention, Detection, and Mitigation Strategies
  • Components of an Insider Threat Program
  • Requirements for a formal program
  • Oversight of program compliance and effectiveness
  • Integration with enterprise risk managementPrevention, detention and response infrastructure
  • Confidential reporting procedures and mechanisms
  • Building the Insider Threat Program Framework
  • Developing an enterprise-wide approach and interdisciplinary project team
  • Building or enhancing policies and processes to include insider threat program considerations
  • Identifying critical asset and protection needs
  • Identifying risks to assets from insiders and enhancing any risk management program to take into account risks from insiders
  • Enhancing organizational training and awareness programs to include insider threat
  • Enhancing organizational infrastructures to support the Insider Threat Program by determining what defenses are needed, and where enhancements are necessary
  • Building the data collection and analysis function for both technical and behavioral data
  • Identifying data sources and priorities
  • Building a roadmap for implementation
  • Considerations for operations
  • Future improvements to the program

Objectives

Participants must achieve a minimum passing score of 80% for the Insider Threat Program Manager Certificate.

Materials

The exam is based on information found in the prerequisite courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats, Building an Insider Threat Program, and Insider Threat Program Implementation and Operation. You may reference the course material as needed. Please keep in mind that the test will conclude after 24 hours regardless of the number of questions answered.

System Requirements

To access the SEI Learning Portal, your computer must have the following:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Browsers: Microsoft Internet Explorer 5.5 or above / Mozilla Firefox
  • Configure your browser to allow pop-ups from this site.
    Explorer: Tools > Internet Options > Privacy
    Firefox: Tools > Options > Content

Back to Top