Insider Threat Program Evaluator Certificate

How Effective Is Your Established Insider Threat Program?

The Insider Threat Program Evaluator (ITPE) Certificate program enables evaluators to help organizations gain a better understanding of the effectiveness of their established insider threat programs. Organizations will have the ability to license the CERT Insider Threat Program Evaluation methodology for internal use or to evaluate the effectiveness of other programs.

Learners will have two years to complete each certificate component. Upon completing all certificate components, the learner is awarded an electronic certificate of completion.

Who Should Attend?

  • Insider Threat Program Team Members
  • Insider Threat Program Managers

Four Certificate Components

Review descriptions of the of the 4 individual certificate components below:

Register for all 4 certificate components at once and save

$3000 - U.S. Government/Academia
$3500 - U.S. Industry
$4000 - International

The package option includes all components necessary to obtain the ITPE Certificate.

Choose the date for the classroom component (Insider Threat Program Evaluator) to register for the package:

Mar 27-29, 2018 - Arlington, VA

Jun 26-28, 2018 - Arlington, VA

Sep 11-13, 2018 - Arlington, VA

Dec 11-13, 2018 - Arlington, VA

Insider Threat Overview:
Preventing, Detecting, and Responding to Insider Threats

Description

This online course provides a deeper understanding of insider threat terminology, identifies the different types of insider threats, teaches how to recognize both technical and behavioral indicators, and outlines mitigation strategies.

The course comprises five (5) hours of video instruction presented by experts from the CERT Insider Threat Center. Self-assessments following each topic help learners comprehend subject matter.

Successful completion of this course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator Certificate Programs.

Prerequisites

There are no prerequisites for this course.

Topics

  • Insider Threat definitions, issues, and types
  • Severity and impact of insider threat activity
  • Fraud: examples, dynamics, technical aspects, and countermeasures
  • Theft of Intellectual Property: examples, dynamics, exfiltration, and mitigation
  • Unintentional Insider Threat
  • Insider Threat Prevention, Detection, and Mitigation Strategies

Objectives

At the completion of the course, learners will be able to:

  • Define an Insider and threats they impose to critical assets
  • Recognize the difference between malicious versus unintentional insider threat
  • Recognize the most common types of insider threat
  • Identify the prevalence and damage caused by insider threat activity
  • Identify legislation enacted to help prevent insider threat
  • Describe the activity, behavioral and technical precursors, and characteristics of fraud and theft of intellectual property
  • Recognize and avoid unintentional insider threat
  • Recognize controls to potentially prevent insider attacks
  • Identify best practices for insider threat mitigation
  • Recognize the purpose of an Insider Threat Program

Materials

In additon to the course videos, learners will be able to access additional resources related to the subject matter and a downloadable copy of the course presentation slides.

Register for This Course Only

 Register for E-Learning

Pricing: $350

Delivery Mode: The CERT STEPfwd (Simulation, Training, and Exercise Platform) is a flexible, multi-media, e-learning environment that you can access anywhere, anytime. System Requirements for CERT STEPfwd are as follows:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Web browsers: Internet Explorer 7+ or Firefox 3+
  • Adobe Flash version 10+ (for Lecture and Demo access)
  • JRE Version 6+ (for lab access)
  • Computer system and network settings that allow access to streaming video from internet sources
  • Minimum client resolution of 1280x1024 to enable proper Video and Lab Player display
  • Internet connection of 384 Kbps or greater (to sustain downloads with no more than 230 ms of latency). STEPfwd does not currently support off-line viewing or content download

Building an Insider Threat Program

Description

This 7-hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program.

Successful completion of this course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator Certificate Programs.

Learners will have one year to complete the course. Upon completing all course elements, the learner is awarded an electronic certificate of course completion.

Prerequisites

There are no prerequisites for this course. However, students are strongly advised to take Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats first to insure a thorough understanding of the course content.

Topics

  • Components of an Insider Threat Program
  • Requirements for a formal program
  • Organization-wide participation
  • Oversight of program compliance and effectiveness
  • Integration with enterprise risk management
  • Prevention, detention and response infrastructure
  • Insider Threat training and awareness
  • Confidential reporting procedures and mechanisms

Objectives

At the completion of the course, learners will be able to

  • State the key components and principles of a formalized insider threat program
  • Identify the critical organizational entities that must participate in the development, implementation, and operation of the program
  • Begin or enhance their strategic planning for developing and implementing a formalized insider threat program
  • Create an implementation plan and roll-out
  • Identify the type of staff and skills needed as part of the insider threat program operational team
  • Identify the types of policies and procedures needed to institutionalize the insider threat program
  • Identify existing organizational policies and procedures which require enhancement to support the insider threat program activities
  • CMU SEI CERT Division Digital Library Blogs
  • Determine the types of infrastructure requirements needed to support the insider threat program operations
  • Identify the type of governance and management support needed to sustain a formal insider threat program

Materials

This course is presented in the form of video instruction presented by experts from the CERT Insider Threat Center. Self-assessments following each topic presented assist with comprehension of the subject matter. Learners will also be able to access additional resources related to the subject matter and a downloadable copy of the course presentation slides.

Register for This Course Only

Register for E-Learning

Pricing: $500

Delivery Mode: The CERT STEPfwd (Simulation, Training, and Exercise Platform) is a flexible, multi-media, e-learning environment that you can access anywhere, anytime. System Requirements for CERT STEPfwd are as follows:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Web browsers: Internet Explorer 7+ or Firefox 3+
  • Adobe Flash version 10+ (for Lecture and Demo access)
  • JRE Version 6+ (for lab access)
  • Computer system and network settings that allow access to streaming video from internet sources
  • Minimum client resolution of 1280x1024 to enable proper Video and Lab Player display
  • Internet connection of 384 Kbps or greater (to sustain downloads with no more than 230 ms of latency). STEPfwd does not currently support off-line viewing or content download

Insider Threat Program Evaluator Training

Description

This 3-day course develops the skills and competencies necessary to perform an insider threat program evaluation of an organization or organizational component.

This training and the ITPE methodology is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.

The ITPE methodology and instrument can be used by an organization to meet its Insider Threat Program assessment requirement as outlined in the Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information and corresponding minimum standards developed by the National Insider Threat Task Force (NITTF).

Course participants will learn how to plan and execute an evaluation of an organization's Insider Threat Program, including developing the final evaluation report.
Please note that successful completion of this course is a required component of the Insider Threat Program Evaluator (ITPE) Certificate.

Prerequisites

Participants completing the Insider Threat Program Evaluator Training Certificate must take these prerequisite courses:

  • Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats
  • Building an Insider Threat Program

Insider Threat Program Implementation and Operation is strongly recommended, but not required, to give students additional background knowledge for the course.

Topics

  • ITPE evaluation methodology lifecycle: Planning, Pre-evaluation, On-site, and Post-evaluation / Reporting
  • ITPE workbook elements: capabilities, levels of preparedness, indicators, evidence, and scoring
  • Insider Threat Program components
  • Preparing and planning for the evaluation
  • Knowledge, skills, and abilities required to perform the evaluation
  • Building a multi-disciplinary evaluation team
  • Pre-evaluation activities including
    • completion of pre-evaluation information
    • determining logistics
    • reviewing organizational documentation
    • developing a data collection plan
  • Using Pre-evaluation tools and templates
  • Performing on-site data collection (interviews and observations)
  • Substantiating and corroborating evidence for meeting indicators
  • Recording and scoring data in the Joint Assessment Tool (JAT)
  • Developing the evaluation report
  • Completing the evaluation
  • Overview of ITPE capabilities and indicators for each program component

Objectives

At the completion of the course, learners will be able to

  • Describe the phases of the ITPE process
  • Distinguish between capabilities, levels, and indicators
  • Identify logistics that must be determined for an evaluation
  • Plan and schedule an evaluation
  • Develop a data collection plan
  • Review evaluated organization's submitted documentation to determine applicability as evidence and map to related capabilities and indicators
  • Observe execution or demonstration of activities during on-site to substantiate indicator performance
  • Interview evaluated organization's staff to corroborate performance of indicators
  • Enter evidence into the Joint Assessment Tool (JAT)
  • Substantiate evidence of indicators being met
  • Score capabilities based on indicator verification
  • Record substantiation of indicators and scores for capabilities in the JAT
  • Outline the main sections of the evaluation report
  • Write sections of the evaluation report
  • Defend results presented in the evaluation report

Materials

Participants will receive a course notebook, case studies, and a CD containing the course and supplemental materials along with a toolkit with the templates and workbook artifacts to complete the evaluation.

Register for This Course Only

Select a date to register for this classroom course in Arlington, Virginia:

Mar 27-29, 2018 - Arlington, VA

Jun 26-28, 2018 - Arlington, VA

Sep 11-13, 2018 - Arlington, VA

Dec 11-13, 2018 - Arlington, VA

Pricing
$2,250 — U.S. Government/Academia
$2,650 — U.S. Industry
$3,150 — International

Delivery Mode: Classroom

Insider Threat Program Evaluator Certificate Examination

Description

To ensure the ability of a candidate evaluator to reduce exposure to insider risk and to strengthen insider threat programs within organizations, the Insider Threat Program Evaluator (ITPE) Certificate Examination evaluates a candidate evaluator's comprehension of the CERT insider threat program evaluation methodology.

The Insider Threat Program Evaluator Certificate Examination is an objective evaluation of your understanding of the best practices for evaluating Insider Threat program effectiveness. It is required for conferral of the Software Engineering Institute's Insider Threat Program Evaluator Professional Certificate.

After registering for the exam, candidate evaluators can begin the online exam at any time. Once the examination is started, the candidate evaluator will have 6 total hours to complete the examination. The exam consists of 65 multiple choice questions. Each question has either four or five possible answers, only one of which is correct.

Who should attend?

This validation exam is required for insider threat program evaluators who wish to pursue the SEI Insider Threat Program Evaluator Certificate.

Prerequisites

Before registering for this exam, participants must complete the prerequisite courses: Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats, Building an Insider Threat Program, and Insider Threat Program Evaluator.

Topics

  • Insider Threat general overview
  • Insider Threat definitions, issues, and types
  • Severity and impact of insider threat activity
  • Unintentional Insider Threat
  • Insider Threat Prevention, Detection, and Mitigation Strategies
  • Insider Threat Program Evaluation Methodology
  • Insider Threat Evaluation phases
  • Insider Threat Evaluation scope
  • Insider Threat Evaluation capabilities and scoring
  • Insider Threat Evaluation capability areas and focus areas
  • Insider Threat Evaluation team roles and responsibilities
  • Insider Threat Evaluation team practices
  • Insider Threat Evaluation processes
  • Insider Threat Program Evaluation Tool

Objectives

Participants must achieve a minimum passing score of 80% to earn the Insider Threat Program Evaluator Certificate.

Materials

The exam is based on information found in the Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats, Building an Insider Threat Program, and Insider Threat Program Evaluator training courses. You may reference the course material as needed. Please keep in mind that the test will conclude after 6 total hours regardless of the number of questions answered.

Register for the Exam Only

Register

Pricing: $250

Delivery Mode: This examination is offered via the SEI Learning Portal, which has the following system requirements:

  • Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Browsers: Microsoft Internet Explorer 5.5 or above / Mozilla Firefox
  • Configure your browser to allow pop-ups from this site
  • Explorer: Tools/Internet Options/Privacy
  • Firefox: Tools/Options/Content

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials.