Risk Assessment & Insider Threat training teaches managers, executives, security and business continuity professionals, risk managers, compliance personnel, and insider threat program managers to develop strategies for protecting their organizations from security threats, and to better manage their risks. Topics covered include the CERT Resilience Management Model (CERT-RMM), OCTAVE Allegro method, and insider threat program management best practices.
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach. The OCTAVE approach provides organizations a comprehensive methodology that focuses on information assets in their operational contexts. Risks are identified and analyzed based on where they originate—at the points where information is stored, transported, and processed. By focusing on operational risks to information, participants learn to view risk assessment in the context the organization's strategic objectives and risk tolerances.
The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organization's strategic objectives and risk tolerances.
This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program.
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT® Resilience Management Model (CERT-RMM) v1.1. Individuals seeking to become SEI-Certified CERT-RMM Lead Appraisers must complete this course as part of their certification requirements.
Improve your organizational resiliency by attending a year-long series of workshops at the Software Engineering Institute (SEI). You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide. The CERT-RMM helps to ensure that the organization's important assets - people, information, technology, and facilities - stay productive in supporting business processes and services.
This one hour course provides a basic understanding of insider threats within an organization and what employees should be aware of in their responsibilities to protect an organization's critical assets. This course explains how your work can be affected and how you can be targeted by Insider Threats.
This five (5) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies.
This three day course builds upon the initial concepts presented in the prerequisite courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components.
To ensure continued excellence in Insider Threat program development, implementation, and operation, the SEI objectively validates the student's understanding and eligibility to receive the Insider Threat Program Manager (ITPM) Certificate. The certificate exam evaluates the student's comprehension of insider threat planning, identification and responsibilities of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and effective implementation and operation of the program within the organization.
This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization. This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.
To insure the ability of a candidate assessor to identify and manage insider threat risk within organizations, the Insider Threat Vulnerability Assessor (ITVA) Certificate Examination evaluates a candidate assessor's comprehension of the CERT insider threat assessment methodology.
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.1. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. By improving operational resilience processes (such as vulnerability analysis, incident management, and service continuity), an organization can use the model to improve and sustain the resilience of mission-critical assets and services. Because organizations can't plan for every disruption, the maturity model feature of CERT-RMM can be used to measure and improve the consistency and predictability of performance under times of stress.
It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. Students in this course will use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that they can implement at their own organizations to improve their ability to manage operational risks, particularly cybersecurity risks.
This two-day course provides the foundation for a more practical approach to risk management that builds from a straightforward, broad-view method to a complex array of techniques needed for in-depth analyses of complex risks. Through an interactive learning environment using discussion, examples, worksheets, and exercises, participants will be able to grasp the essentials of the practical, easy-to-use techniques.
This online course introduces risk management concepts and explains the 20 key drivers that comprise the SEI risk-based method for assessing complex projects, the Mission Diagnostic Protocol. This course explains what these drivers are and how the assessment of a program using the drivers creates a profile of a program's chances of success.
This two-day, virtual course introduces the Smart Grid Maturity Model (SGMM) Navigation process to those interested in becoming an SEI-Certified SGMM Navigator. The SGMM Navigation process provides utilities with essential planning support and positions the Navigator to initiate new engagements and gain follow-on work with utility customers.