Description: This curriculum provides specialized training for insider threat program personnel working in cleared defense industries, including the contractor's designated insider threat program senior official (ITPSO). It is designed to equip students with the knowledge, skills, and abilities required to conduct their duties. Executive Order 13587, National Minimum Standards for Insider Threat, and 32 CFR § 117 National Industrial Security Program Operating Manual (NISPOM) mandates that “the designated ITPSO will ensure that contractor program personnel assigned insider threat program responsibilities complete training consistent with applicable CSA provided guidance.” Such training must include:
- Counterintelligence and security fundamentals
- Procedures for conducting insider threat response actions
- Applicable laws and regulations regarding the gathering, integration, retention, safeguarding, and use of records and data, including the consequences of misuse of such information
- Applicable legal, civil liberties, and privacy policies and requirements applicable to insider threat programs
This curriculum satisfies the 32 CFR § 117.12 (g)(1) requirements.
Learning Objectives: After completing this curriculum, the student will be able to:
- Explain the importance of counterintelligence and threat awareness in industry security programs.
- Explain the role of insider threat programs in mitigating the risks posed by insider threats and how they mitigate those risks.
- Describe factors to consider when formulating a mitigation response to an insider threat incident.
- Summarize the ability of multidisciplinary teams to craft mitigation responses tailored to insider threat incidents.
- Identify reporting requirements that apply to insider threat programs.
- Describe how records checks support the identification of potential insider threats.
- Identify legal requirements to consider when accessing, handling, and reporting records and data.
- Describe how to locate information about potential insider threats.
- Assess the veracity of the information found in records.
- Identify potential risk indicators in records, databases, and other electronic forms of information.
- Describe circumstances under which information may be shared within an insider threat program or referred outside of the program and why.
- Explain how to implement institutional protections with an insider threat program that maintain a proper balance between security practices and individuals’ liberty and privacy interest.
Delivery Method: eLearning
Length: 5 hours (includes courses and exams)
Target Audience: Industry security professionals and practitioners responsible for executing and maintaining an insider threat program for their unit or facility.
Number of Students per Course: N/A
Requirements:
- Clearance Requirements: None
- Attendance Requirements: N/A
- Exam Requirements: Individual course exams only
- Credits Recommended/Earned: Professional Development Units (PDUs) per SPēD are determined by length of course and IAW with current Certification Maintenance Guidelines
- List of Courses and Exams
All courses and any associated exams must be completed in the STEPP learning management system to receive credit under this curriculum. Courses completed under the Security Awareness Hub will not be eligible for credit toward this certificate. This curriculum requires completion of the following courses and exams:
- Protecting Assets in the NISP Course CI117
- Insider Threat Mitigation Responses Course and Exam INT210
- Insider Threat Records Checks Course and Exam INT230
- Insider Threat Privacy and Civil Liberties Course and Exam INT260
Other Recommended Training:
- Establishing an Insider Threat Program for Your Organization Course INT122
- Insider Threat Awareness Course INT101
- Adverse Information Reporting Short PS007
System Requirements: Check if your system is configured appropriately to use STEPP.
CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.