Certified Insider Threat Program™ – Insider Threat Core

Course Overview

Price: Free (with access to FedVTE and purchase of Certified Insider Threat Professional Bundle)

High-level Description: The Certified Insider Threat Program™ – Insider Threat Core (CITPCORE) serves as the foundational curriculum for all Certified Insider Threat Professional™ (CITP™) certifications. While this core curriculum provides essential knowledge, each certification also includes additional specialized course requirements unique to its focus area.

All CITP™ certifications map to and meet the NICE Workforce Category for Insider Threat Analysis and align with at least one additional work role defined by the National Initiative for Cybersecurity Education (NICE) or the DoD Cyber Workforce Framework (DCWF/8140). This alignment ensures that participants gain the necessary knowledge, skills, and abilities (KSAs) to fulfill multiple operational roles.

The curriculum is designed to meet the highest federal standards, including EO 13587, DoD 8140, and NITTF guidelines, ensuring students are prepared to manage insider threats effectively across federal, state, and private-sector environments.

Core Components

Publicly Accessible CDSE Courses (https://securityawareness.usalearning.gov)

These courses provide a baseline understanding of insider threat awareness, program development, and related security measures.

1. Insider Threat Awareness (60 Min) – Covers the basics of recognizing and reporting insider threats. This foundational course is essential for all personnel, helping them identify behaviors that may indicate risks and emphasizing proactive reporting of suspicious activities.
2. Establishing an Insider Threat Program (60 Min) – Teaches strategies for building and managing insider threat programs in alignment with federal standards. This course provides a foundational understanding for developing comprehensive programs that detect and mitigate risks effectively.
3. Maximizing Organizational Trust (60 Min) – Promotes early detection through trust-building strategies. Highlights trust-building strategies as a critical element in early threat detection. By fostering trust, organizations can encourage employees to report concerns more openly, aiding in quicker identification of potential threats.
4. OPSEC Awareness (30 Min) – Teaches operational security measures to protect critical information. Focuses on operational security measures to protect critical information, a core element in preventing insider threats. This course emphasizes the need for employees to safeguard sensitive information, reducing unintentional or malicious disclosures.
5. Counterintelligence Awareness and Reporting (60 Min) – Provides tools to identify and report counterintelligence threats, key to mitigating insider risks. This training equips individuals to recognize espionage indicators, strengthening defense against insider actions harmful to U.S. interests.
6. Counterintelligence Awareness and Security Brief (30 Min) – Although designed primarily for defense contractors, this course is relevant for government roles where insider threat awareness is critical. It educates employees on spotting suspicious activities that could lead to data leaks or espionage.
7. Thwarting the Enemy: Counterintelligence and Threat Awareness Information to the Defense Industrial Base (30 Min) – Although designed primarily for defense contractors, this course is relevant for government roles where insider threat awareness is critical. It covers threats to U.S. technology and the importance of reporting suspicious activities. This training is essential for employees in defense sectors, reinforcing the importance of vigilance against unauthorized access and leaks.
8. Unauthorized Disclosure of Classified Information and Controlled Unclassified Information (60 Min) – This course discusses the risks and consequences of unauthorized information disclosures, a primary insider threat concern. Understanding these risks helps prevent leaks and equips employees to recognize potential security breaches.
9. Introduction to the Risk Management Framework (RMF) (30 Min) – This course Provides an overview of RMF, highlighting its role in risk mitigation within IT environments. RMF processes help prevent vulnerabilities that insiders could exploit, supporting proactive threat management.

FedVTE Courses

Free, self-paced courses for government employees, contractors, and veterans:

1. Insider Threat Program Manager: Implementation and Operations– Develops skills to build and manage insider threat programs. (need more detail)
2. Insider Threat Analysis– Focuses on multi-source data analysis to detect and mitigate insider threats. (need more detail)

FEMA Independent Study Courses

These courses focus on security awareness and insider threat mitigation with built-in assessments:

1. IS-906: Workplace Security Awareness – Enhances workplace security awareness, encouraging employees to identify and report insider risks. A foundational course that supports a culture of vigilance organization-wide
2. IS-907: Active Shooter: – Provides guidance on responding to active shooter situations. While focused on emergency preparedness, it also promotes awareness of unusual behaviors that could indicate insider threats.
3. IS-912: Retail Security Awareness: – Teaches situational awareness skills in high-traffic environments, which can help employees identify insider threats in similar settings.
4. IS-914: Surveillance Awareness: – Provides tools for recognizing suspicious surveillance activities. This awareness is vital in identifying early signs of insider risk behaviors, especially in sensitive environments.
5. IS-915: Protecting Critical Infrastructure Against Insider Threats – Focuses on safeguarding critical infrastructure from insider threats. This course emphasizes the importance of reporting vulnerabilities that could be exploited internally.
6. IS-916: Critical Infrastructure Security: Theft and Diversion – Addresses theft and diversion risks, teaching employees to recognize and report insider activities that may disrupt critical operations.

EC-Council Learning Courses

Advanced skills training provided through EC-Council Learning:

1. Mastering Threat Intelligence (14 hours) – Teaches skills to collect, analyze, and act on threat intelligence, supporting proactive insider threat mitigation. By understanding threat intelligence, analysts can anticipate and counter potential insider actions
2. Master Open-Source Intelligence (OSINT) (14 hours) – Provides expertise in gathering OSINT, useful for detecting insider threats through public information sources. This enables analysts to identify early indicators of insider threats, enhancing preventive measures.
3. OSINT for Ethical Hackers (Instagram & Facebook) (9 hours) – Focuses on OSINT techniques for social media platforms. Social media can be a source of critical information regarding insider intent; this course equips analysts to identify potential risk behaviors online.
4. OPSEC Demystified: Strategies for Secure Operations (5 hours) – Provides an understanding of nation-state tactics, supporting defense strategies against insider collusion. This course helps employees recognize threats that may be indirectly linked to nation-state actors.
5. Cyber Warfare: Defense Against Nation-State Threats (5 hours) (we need a short description and need to add the so what how is this important from an Insider Threat/Risk Perspective?)
6. Linux Crash Course for Beginners (6 hours) – Introduces Linux, which many cybersecurity tools are built on. Familiarizing analysts with Linux-based tools aids in effective monitoring and analysis of insider threats.

Optional Capstone and Master Designation: Mission Readiness Range

Students can complete a 3-month capstone project through the Mission Readiness Range, applying KSAs in realistic insider threat scenarios. This hands-on experience prepares participants for advanced operational roles and the Master Certification.

Certification-Specific Requirements and Mapping to NICE/DCWF Work Roles

While the Insider Threat Core Curriculum forms the foundation, each CITP™ certification maps to one or more specific NICE or DCWF/8140 work roles. The core curriculum meets the requirements of the NICE Workforce Category for Insider Threat Analysis, ensuring participants are prepared to analyze, detect, and mitigate insider threats. Additionally, each certification aligns with at least one other NICE or DCWF work role.

Recommended Course Sequence and Duration

The following sequence ensures participants acquire foundational knowledge before advancing to specialized topics. The courses are ordered to provide logical progression from basic awareness to program management and finally technical and operational expertise. (this table needs to be updated with more accurate duration)