Who should attend
- Insider Threat Program Team Members
- Insider Threat Program Managers
About the course
This 3-day classroom course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. It discusses techniques and methods for designing, implementing, and measuring the effectiveness of the components of an insider threat data collection and analysis capability.
This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).
At the completion of the course, learners will be able to:
- Work with raw data to identify concerning behaviors and activity of potential insiders
- Identify the technical requirements for accessing data for insider threat analysis
- Develop insider threat indicators that fuse data from multiple sources
- Apply advanced analytics for identifying insider anomalies
- Measure the effectiveness of insider threat indicators and anomaly detection methods
- Navigate the insider threat tool landscape
- Describe the policies, practices, and procedures needed for an insider threat analysis process
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process
The course covers topics such as:
- Strategies for identifying risks to assets from insiders
- Building a data collection and analysis function for both technical and behavioral data
- Identifying data sources for insider threat analysis
- Prioritizing data sources to include in an analysis function
- Developing insider threat indicators from raw data
- Advanced analytics for insider threat mitigation
- Correlating data from disparate sources
- Resolving multiple accounts to single entities
- Indicator patterns and sequences
- Insider threat anomaly detection methods
- Measuring the effectiveness of insider threat controls
- Features and functionality of tools used in insider threat mitigation
- CERT's methodology for insider threat tool testing
- Developing an insider threat data collection and analysis process
- Continuous improvement
- Developing an insider threat incident response process
This 3-day course meets at the following times:
Days 1-3, 8:30 a.m. - 4:30 p.m.