This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.
- Work with raw data to identify concerning behaviors and activity of potential insiders.
- Identify the technical requirements for accessing data for insider threat analysis.
- Develop insider threat indicators that fuse data from multiple sources.
- Apply advanced analytics for identifying insider anomalies.
- Measure the effectiveness of insider threat indicators and anomaly detection methods.
- Navigate the insider threat tool landscape.
- Describe the policies, practices, and procedures needed for an insider threat analysis process.
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.