• Online, Self-Paced

This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.

Learning Objectives

  • Work with raw data to identify concerning behaviors and activity of potential insiders.
  • Identify the technical requirements for accessing data for insider threat analysis.
  • Develop insider threat indicators that fuse data from multiple sources.
  • Apply advanced analytics for identifying insider anomalies.
  • Measure the effectiveness of insider threat indicators and anomaly detection methods.
  • Navigate the insider threat tool landscape.
  • Describe the policies, practices, and procedures needed for an insider threat analysis process.
  • Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Threat Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.