Insider Threat Workshop

Insider Threat Cyber
  • 5/17/2018 - 5/18/2018 7:00 am - 3:30 pm
  • JW Marriott Camelback Inn Resort & Spa
    5402 East Lincoln Drive
    Scottsdale,  AZ  85253
  • Event Type : Training
    Event Code : 880A



This event has been canceled due to low participation. We anticipate another workshop to be scheduled in FY18. 


This two-day program is designed to help organizations develop the critical components of an Insider Threat Program using modern analytic techniques and measures.

Learn how to evolve your current security program into a converged management structure that will identify and deter individuals who pose both violent and non-violent threats. Learn the skills and procedures required to identify factors that are critical to shaping a comprehensive Insider Threat Program.

Real case studies are used to show how work behavior can reveal early signs of a potential insider threat, to examine the potential risk indicators and to reveal how organizations can be structured to best detect and deter the insider threat.

Learning Objectives:

  • Learn the methodologies that experts use to recruit insiders and individual motivators.
  • Examine behavioral risk indicators & identify organizational and situational triggers for
    the violent & non-violent insider threat.
  • Learn techniques for internal alerting, reporting, collecting, storing, & evaluating data
    relevant to insider threat indicators.
  • Learn the psychometric approach for designing metrics, how to analyze metrics, &
    techniques for re-purposing existing metrics to best fit your organization’s needs.

On October 7, 2011, the President signed Executive Order 13587, “Structural Reforms to
Improve Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.”  Executive Order 13587 directs the heads of agencies that operate or access classified computer networks to have responsibility for appropriately sharing and safeguarding classified information.

In November 2012, the White House issued National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.  These minimum standards provide the Departments and Agencies with the minimum elements necessary to establish effective insider threat programs.  These elements include the designation of a senior official(s); capability to gather; integrate; and centrally analyze and respond to key threat - related information; monitor employee use of classified networks; provide the workforce with insider - threat awareness training; and protect the civil liberties and privacy of all personnel.

Implementation of the National Insider Threat Policy for cleared industry will be outlined in Conforming Change 2 of the National Industrial Security Program Operating Manual
(NISPOM).  While not yet issued, the conforming change will outline insider threat
requirements for cleared industry operating under the National Industrial Security Program.

These minimum standards will include:

  • Establishing an insider threat program
  • Designating an insider threat senior official who is cleared in connection with the facility clearance
  • Self-assessments of insider threat programs
  • Insider threat training for insider threat program personnel and awareness for employees
  • Monitoring network activity

Workshop Timeline:

Day 1: Thursday, 17 May

0700-0715     Breakfast

0715-0745     Goals, Objectives, and Introductions

0745-0815     Overview of an Insider Threat Program

0815-0900     Components of an Insider Threat Program

0900-0915     Break

0915-1115     Developing an Operational Strategic Plan and CONOPS

1115-1145     Collaboration and Convergence

1145-1215     The Insider Threat Working Group

1215-1315     Lunch

1315-1400     Integrated Behavioral Model of the Insider

1400-1515     Performance Metrics and Presentation Guidelines

1515-1530     Closing

Day 2: Friday, 18 May

0700-0715     Breakfast

0715-0730     What Did We Learn Yesterday? 

0730-0930     Education and Training

0930-0945     Break

0945-1030     Enterprise Security Risk Management

1030-1215     Continuous Monitoring/Evaluation

1215-1315     Lunch

1315-1415     Team Exercises

1415-1430     Break

1430-1515     Team Exercises

1515-1530     Course Conclusion



Carol Dwyer - Registration
(703) 247-9471

Insider Threat Workshop