Insider Threat Vulnerability Assessor Training

Heinz College

Heinz College


Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with any business school or university.

Full disclaimer.

Read more about Information Technology

Information technology is at the heart of any process connected to utilizing computers and communication systems. It is a quite broad term that is use...

Read more about Transportation and Logistics

At the moment, the logistics industry is thriving, providing millions of workplaces all over the world. It is safe to say that almost all the companie...

Who should attend

Those interested in the CERT methodology and tools to perform insider threat vulnerability assessments within their organization or in other organizations.

About the course

This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization.

This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.

The Insider Threat Vulnerability Assessment helps organizations to

  • identify issues impacting their insider threat risk
  • design and implement tactical countermeasures
  • formulate a strategic action plan for long-term risk mitigation

The organizational vulnerabilities and corresponding processes for detection and response that are assessed are based on actual cases and CERT's research into appropriate mitigations.

Course participants will learn how to plan and execute an assessment including developing the final evaluation report.


At the completion of the course, learners will be able to:

  • Describe the phases of the ITVA assessment process
  • Distinguish between capabilities, levels, and indicators
  • Scope assessment for particular critical assets or business processes
  • Identify logistics that must be determined for an assessment
  • Plan and schedule an assessment
  • Develop a data collection plan
  • Review assessed organization's submitted documentation to determine applicability as evidence and map to related capabilities and indicators
  • Observe execution or demonstration of activities during on-site to substantiate indicator performance
  • Interview assessed organization's staff to corroborate performance of indicators
  • Enter evidence into the Joint Assessment Tool (JAT)
  • Substantiate evidence of indicators being met
  • Score capabilities based on indicator verification
  • Record substantiation of indicators and scores for capabilities in the JAT
  • Outline the main sections of the assessment report
  • Write sections of the assessment report
  • Defend results presented in the assessment report


The course covers topics such as:

  • ITVA assessment methodology lifecycle: Planning, Pre-Assessment, On-site, and Post-Assessment / Reporting
  • ITVA workbook components: capabilities, levels of preparedness, indicators, evidence, and scoring
  • Capability areas: Data Owners, Human Resources, Legal, Physical Security, Information Technology, Software Engineering, and Trusted Business Partners
  • ITVA workbooks including
    • types: (there are seven workbooks corresponding to the seven capability areas)
    • structure
    • use
  • Preparing and planning for the assessment
  • Knowledge, skills, and abilities required to perform the assessment
  • Building a multi-disciplinary assessment team
  • Pre-assessment activities including
    • completion of pre-assessment spreadsheet by the assessed organization
    • determining logistics
    • reviewing organizational documentation
    • developing a data collection plan
  • Using Pre-assessment tools and templates
  • Performing on-site data collection (interviews and observations)
  • Substantiating and corroborating evidence for meeting indicators
  • Recording and scoring data in the Joint Assessment Tool (JAT)
  • Developing the assessment report
  • Completing the assessment
  • Overview of ITVA capabilities and indicators for each area / workbook


Course methods include lecture, group exercises, and scenario completion. Participants will receive a course notebook, case studies and a downloadable copy of the course materials.


This 3 day course meets at the following times:

Days 1-3, 8:30 a.m. - 4:30 p.m.

Insider Threat Vulnerability Assessor Training at Heinz College

This course has no confirmed dates in the future. Subscribe to be notified when it is offered.

Something went wrong. We're trying to fix this error.

Thank you

Someone from the Coursalytics team will be in touch with you soon.


Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with any business school or university.

Full disclaimer.

Read more about Information Technology

A large part of the courses provides basic information so the students are not required to have any IT qualifications before enrolling. Most of the IT learning programs are also broken down into specific areas of interest, such as systems analysis, a...

Read more about Transportation and Logistics

Transportation and logistics courses mainly focus on global supply chain management and its key features, including air and ocean cargo administration, international documentation, end-to-end supply chain infrastructure, etc. Also, courses show how t...

Because of COVID-19, many providers are cancelling or postponing in-person programs or providing online participation options.

We are happy to help you find a suitable online alternative.