Insider Threat Vulnerability Assessor Certificate Examination
To insure the ability of a candidate assessor to identify and manage insider threat risk within organizations, the Insider Threat Vulnerability Assessor (ITVA) Certificate Examination evaluates a candidate assessor's comprehension of the CERT insider threat assessment methodology.
The Insider Threat Vulnerability Assessor Certificate Examination is an objective evaluation of your understanding of the best practices for assessing Insider Threat risk. It is required for conferral of the Software Engineering Institute's Insider Threat Program Assessor Professional Certificate.
After registering for the exam, candidate assessors can begin the online exam at any time. Once the examination is started, the candidate assessor will have 6 total hours to complete the examination.
This validation exam is required for insider threat program assessors who wish to pursue the following SEI credentials:
- Candidate Insider Threat Vulnerability Assessors
Participants must achieve a minimum passing score of 80% for the Insider Threat Vulnerability Assessor Professional Certificate.
The exam covers the following topic areas:
- Insider Threat General Overview
- Insider Threat definitions, issues, and types
- Severity and impact of insider threat activity
- Unintentional Insider Threat
- Insider Threat Prevention, Detection, and Mitigation Strategies
- Insider Threat Vulnerability Assessment Methodology
- Insider Threat Assessment phases
- Insider Threat Assessment scope
- Insider Threat Assessment capabilities and scoring
- Insider Threat Assessment capability areas and focus areas
- Insider Threat Assessment team roles and responsibilities
- Insider Threat Assessment team practices as indicated in the ITA Software Engineering workbook guidance
- Insider Threat Assessment processes as indicated in the ITVA Data Owners workbook guidance
- Insider Threat Joint Assessment Tool (JAT)
The exam is based on instruction provided in the Overview of Insider Threat Concepts and Activities, Building an Insider Threat Program, and Insider Threat Vulnerability Assessor Training. You can reference the course materials as needed during the exam. Please keep in mind that the test will conclude after 6 total hours regardless of the number of questions answered.
Before registering for this exam, participants must complete the prerequisite courses: Overview of Insider Threat Concepts and Activities, Building an Insider Threat Program, and Insider Threat Vulnerability Assessor Training.
To access the SEI Learning Portal, your computer must have the following:
- For optimum viewing, we recommend using the following browsers: Microsoft Edge, Mozilla Firefox, Google Chrome, Safari
- These browsers are supported on the following operating systems: Microsoft Windows 8 (or higher), OSX (Last two major releases), Most Linux Distributions
- Mobile Operating Systems: iOS 9, Android 6.0
- Microsoft Edge, Firefox, Chrome and Safari follow a continuous release policy that makes difficult to fix a minimum version. For this reason, following the market recommendation we will support the last 2 major version of each of these browsers. Please note that as of January 2018, we do not support Safari on Windows.
This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program. This training is based upon the...
This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies. This instruction is based upon the research of the CERT National Insider Threat Center (NITC) of the...
3 - Day Course
This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization. This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in...
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.