search menu icon-carat-right cmu-wordmark

Insider Threat Vulnerability Assessor Training

This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization.

This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community.

The Insider Threat Vulnerability Assessment helps organizations to

  • identify issues impacting their insider threat risk
  • design and implement tactical countermeasures
  • formulate a strategic action plan for long-term risk mitigation

The organizational vulnerabilities and corresponding processes for detection and response that are assessed are based on actual cases and CERT's research into appropriate mitigations.

Course participants will learn how to plan and execute an assessment including developing the final evaluation report.

Please note that successful completion of this course is a required component of the Insider Threat Vulnerability Assessor (ITVA) Certificate. To learn more about the certificate and package pricing for the courses, please visit Insider Threat Vulnerability Assessor (ITVA) Certificate Package


  • Those interested in the CERT methodology and tools to perform insider threat vulnerability assessments within their organization or in other organizations.


At the completion of the course, learners will be able to:

  • Describe the phases of the ITVA assessment process
  • Distinguish between capabilities, levels, and indicators
  • Scope assessment for particular critical assets or business processes
  • Identify logistics that must be determined for an assessment
  • Plan and schedule an assessment
  • Develop a data collection plan
  • Review assessed organization's submitted documentation to determine applicability as evidence and map to related capabilities and indicators
  • Observe execution or demonstration of activities during on-site to substantiate indicator performance
  • Interview assessed organization's staff to corroborate performance of indicators
  • Enter evidence into the Joint Assessment Tool (JAT)
  • Substantiate evidence of indicators being met
  • Score capabilities based on indicator verification
  • Record substantiation of indicators and scores for capabilities in the JAT
  • Outline the main sections of the assessment report
  • Write sections of the assessment report
  • Defend results presented in the assessment report


The course covers topics such as:

  • ITVA assessment methodology lifecycle: Planning, Pre-Assessment, On-site, and Post-Assessment / Reporting
  • ITVA workbook components: capabilities, levels of preparedness, indicators, evidence, and scoring
  • Capability areas: Data Owners, Human Resources, Legal, Physical Security, Information Technology, Software Engineering, and Trusted Business Partners
  • ITVA workbooks including
    • types: (there are seven workbooks corresponding to the seven capability areas)
    • structure
    • use
  • Preparing and planning for the assessment
  • Knowledge, skills, and abilities required to perform the assessment
  • Building a multi-disciplinary assessment team
  • Pre-assessment activities including
    • completion of pre-assessment spreadsheet by the assessed organization
    • determining logistics
    • reviewing organizational documentation
    • developing a data collection plan
  • Using Pre-assessment tools and templates
  • Performing on-site data collection (interviews and observations)
  • Substantiating and corroborating evidence for meeting indicators
  • Recording and scoring data in the Joint Assessment Tool (JAT)
  • Developing the assessment report
  • Completing the assessment
  • Overview of ITVA capabilities and indicators for each area / workbook


Course methods include lecture, group exercises, and scenario completion. Participants will receive a course notebook, case studies and electronic course materials downloadable from the SEI Learning Portal. Students attending in-person offerings in an SEI Training Facility are required to bring a laptop to be used only during course exercises.


Participants completing the Insider Threat Vulnerability Assessor Training Certificate must take the prerequisite courses: Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program before taking this course.

Students are strongly recommended to also take the Insider Threat Program Manager: Implementation and Operation course to provide additional background knowledge for the course, but this is not required.

Course Fees [USD]

  • U.S. Industry: $2,650.00
  • U.S. Govt/Academic: $2,250.00
  • International: $3,150.00


This 3 day course meets at the following times:

Days 1-3, 8:30 a.m. - 4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email or telephone at +1 412-268-1817.

Course Questions?

Phone: 412-268-7388

Related Courses

  • Building an Insider Threat Program


    This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program. This training is based upon the...

    Learn More
  • Insider Threat Awareness Training


    This one hour course provides a basic understanding of insider threats within an organization and what employees should be aware of in their responsibilities to protect an organization's critical assets. This course explains how your work can be affected and how you can be targeted by Insider Threats. This training is based upon the research of...

    Learn More
  • Overview of Insider Threat Concepts and Activities


    This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies. This instruction is based upon the research of the CERT National Insider Threat Center (NITC) of the...

    Learn More
  • Insider Threat Program Manager: Implementation and Operation

    3 - Day Course

    This three day course builds upon the initial concepts presented in the prerequisite courses Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods...

    Learn More

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.