Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Insider Threat Overview: Preventing, Detecting and Responding to Insider Threats

This five (5) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies.

This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).

Please note that successful completion of this course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider threat Program Evaluator Certificate Programs. To learn more about these certificates and package pricing for the courses, please go to:

Who should attend?

  • Insider Threat Program Team Members
  • Insider Threat Program Managers


This online course contains five (5) hours of video instruction presented by experts from the CERT Insider Threat Center. Additionally, the course includes questions to confirm and reinforce your understanding of the concepts presented. The topics you will study are:

  • Insider Threat definitions, issues, and types
  • Severity and impact of insider threat activity
  • Fraud: examples, dynamics, technical aspects, and countermeasures
  • Theft of Intellectual Property: examples, dynamics, exfiltration, and mitigation
  • Unintentional Insider Threat
  • Insider Threat Prevention, Detection, and Mitigation Strategies

Learners will have one year to complete the course. Upon completing all course elements, the learner is awarded an electronic certificate of course completion.


At the completion of the course, learners will be able to:

  • Define an Insider and threats they impose to critical assets
  • Recognize the difference between malicious versus unintentional insider threat
  • Recognize the most common types of insider threat
  • Identify the prevalence and damage caused by insider threat activity
  • Identify legislation enacted to help prevent insider threat
  • Describe the activity, behavioral and technical precursors, and characteristics of
    • Fraud
    • Theft of Intellectual Property
  • Recognize and avoid unintentional insider threat
  • Recognize controls to potentially prevent insider attacks
  • Identify best practices for insider threat mitigation
  • Recognize the purpose of an Insider Threat Program


This course has no prerequisites.

The CERT STEPfwd (Simulation, Training, and Exercise Platform) is a flexible, multi-media, e-learning environment that you can access anywhere, anytime. To use STEPfwd effectively, you need the following:

  • Web browsers: Internet Explorer 7+ or Firefox 3+
  • Adobe Flash version 10+ (for Lecture and Demo access)
  • JRE Version 6+ (for lab access)
  • Computer system and network settings that allow access to streaming video from internet sources
  • Minimum client resolution of 1280x1024 to enable proper Video and Lab Player display
  • Internet connection of 384 Kbps or greater (to sustain downloads with no more than 230 ms of latency). STEPfwd does not currently support off-line viewing or content downloads. Operating Systems: Windows 98 / NT 4.0 / Windows 2000 / Windows XP / Windows Vista / Windows 7 / Mac OS X
  • Configure your browser to allow pop-ups from
  • Materials

    This course is presented in the form of video instruction presented by experts from the CERT Insider Threat Center. Self-assessments following each topic presented assist with comprehension of the subject matter. Learners will also be able to access additional resources related to the subject matter and a downloadable copy of the course presentation slides.

    Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials.

Insider Threat Certificates - Training and certificate programs for program managers, vulnerability assessors, and program evaluators - Contact us for package pricing >

Course Details

Course Fees [USD]

eLearning: $350


This self-paced course is available online. The course comprises instruction, scenarios that explore how the concepts are applied, and self-assessment.

For More Information

Phone: 412-268-7622