Insider Threat Program – Execution And Management


The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses different techniques and methods to develop, implement, and operate program components.

This training course supports organisations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.

This course is designed to equip students with the knowledge, skills, and abilities required to conduct their duties to establish insider threat programs designed to detect, deter, and mitigate risks associated with trusted insiders, including the ability to gather, retain, and assess data.


Upon successful course completion, students will possess the ability to:

  • Describes the roles and responsibilities of an insider threat program.
  • Plan the steps to build, implement and operate an insider threat program management.
  • Coordinate a cross-organisational team to help develop and implement the Insider Threat Program.
  • Develop a framework for their Insider Threat Program.
  • Identify methods to gain management support and sponsorship.
  • Plan the implementation of their Insider Threat Program.
  • Identify organisational policies and processes that require enhancement to accommodate insider threat components.
  • Identify data sources and priorities for data collection.
  • Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
  • Outline operational considerations and requirements needed to implement the program.
  • Build policies and processes to help hire the right staff and develop an organisational culture of security.
  • Improve organisational security awareness training.
  • Identify training competencies for insider threat team staff.

Topics Covered

The course covers topics such as:

  • Building the Insider Threat Program Framework
  • Developing an enterprise-wide approach and interdisciplinary project team
  • Creating or enhancing policies and processes to include insider threat program considerations.
  • Identifying critical asset and protection needs
  • Identifying risks to assets from insiders and enhancing any risk management program to consider risks from insiders.
  • Enhancing organisational training and awareness programs to include insider threat.
  • Enhancing organisational infrastructures to support the Insider Threat Program by determining what defences are needed and where enhancements are necessary.
  • Building the data collection and analysis function for both technical and behavioural data
  • Identifying data sources and priorities
  • Building a Roadmap for Implementation
  • Considerations for operations
  • Future improvements to the program


  • Gain insights and guidance from experts on how to implement and operate an Insider Threat Program effectively.
  • Receive step-by-step instructions and best practices for program development.
  • Acquire the skills and knowledge to identify, assess, and mitigate insider threats within an organisation.
  • Learn strategies for early detection and prevention of insider incidents.
  • Develop a deep understanding of the various types of insider threats and their motivations.
  • Learn how to differentiate between accidental and malicious insider activities.
  • Acquire communication skills to effectively convey the importance of the Insider Threat Program to stakeholders.
  • Learn how to collaborate with different departments and foster a culture of security awareness.
  • Learn how to tailor an Insider Threat Program to meet the specific needs and characteristics of the organisation.
  • Understand how to adapt the program to evolving threats and organisational changes.
  • Share experiences, challenges, and best practices with peers to enhance knowledge and skills.

Who Should Attend

  • Current or potential insider threat program managers
  • Insider threat program team members
  • Employees within the other areas of the organisation who interact and support an insider threat program.
  • Others who want to learn more about implementation and operating an effective program


Participants are required to complete the Introduction To Insider Threat Training Course.

Course Length:

Four days, classroom and online instructor-led.

Special Arrangement:

This course may be offered by special arrangements at customer sites. For details, please contact

Course Questions:

Email your query to

Sign up for early access