Insider Threat Workshop

The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. We have compiled a database containing hundreds of actual insider threat cases. Our insider threat research focuses on both technical and behavioral aspects of actual compromises; our goal is to raise awareness of the risks of insider threat and to help identify the factors influencing an insider's decision to act, the indicators and precursors of malicious acts, and the countermeasures that will improve the survivability and resiliency of the organization.

We have combined all of our work into a two day workshop on insider threat. The workshop consists of presentations and interactive exercises in which participants are led through portions of the CERT insider threat assessment instrument, which was developed to enable organizations to assess their insider threat risk. The assessment addresses technical, organizational, personnel, security, and process issues. The purpose of the exercises is to assist participants in assessing their own organization's vulnerability to insider threat in specific areas of concern. Our goal is that participants leave the workshop with actionable steps that they can take to better manage the risk of insider threat in their organization.

Who should attend?

The target audience is managers, leaders, directors, and chief executives across all facets of the organization including IT, HR, Legal, Physical Security, and Operations. The workshop will benefit team leaders, project managers, business managers, financial managers, security officers, risk officers, C-Level managers and anyone else responsible for creating, implementing, enforcing, and auditing practices and procedures throughout the organization.

What will you learn?

  • Attendees will leave the workshop with actionable steps that they can take to better manage the risk of insider threat in their organization.
  • Attendees will understand the motivation, characteristics of insiders, behavioral and technical precursors, and technical aspects of insider fraud, theft of confidential or sensitive information, and IT sabotage.
  • Attendees will understand the best practices that can be implemented to prevent insider incidents or detect them as early as possible.
  • Attendees will know what "observables" they should be looking for within their own organizations that could indicate a pending insider attack.

Course Details at a Glance

2009 Course Fees [USD]

U.S. Industry:

$1800

U.S. Government/Academic:

$1500

International:

$2100

Next Learning Opportunity

March 23 - 24, 2010 (SEI Arlington, VA)

This course may be offered by special arrangement at customer sites.



 

 

 

For More Information

 

E-mail: course-info@sei.cmu.edu
Phone: 412-268-7622

 

 


2009 Dates
May 6 - 7, 2009 (SEI Arlington, VA)
September 16 - 17, 2009 (SEI Arlington, VA)

2010 Dates
March 23 - 24, 2010 (SEI Arlington, VA)
May 4 - 5, 2010 (SEI Arlington, VA)
July 28 - 29, 2010 (SEI Arlington, VA)
September 8 - 9, 2010 (SEI Arlington, VA)

This course may be offered by special arrangement at customer sites.

Schedule

This 2 day course meets at the following times:

Days 1-2, 8:30 a.m. - 4:30 p.m. (U.S. Locations)
Days 1-2, 9:00 a.m. - 5:00 p.m. (non U.S. Locations)

  • Overview of Insider Threats
  • Insider IT Sabotage
  • Insider Theft of Information for Business Advantage (e.g. Industrial Espionage)
  • Insider Theft or Modification of Information for Financial Gain
  • Insider Threats in the Software Development Life Cycle
  • Best Practices for Prevention and Detection
There are no prerequisites for this course.
Participants will receive a course notebook, case studies and a CD containing the course and supplemental materials.