Steve Young - Fotolia
CERT came out with a new certification that is designed to assist companies in developing a formal insider threat program. Could you briefly explain the certification? Is it relevant enough for current security professionals to obtain?
The insider threat doesn't typically get the same level of recognition as other external threats. State-based actors or cybercriminals in foreign countries often get all of the media attention, but an insider breach can cause far greater damage to an organization. The Snowden leaks are a good example of how much damage can be done by a trusted insider. Organizations struggle with building an insider threat program and CERT has responded by developing a new program -- called the Insider Threat Program Manager (ITPM) -- to assist organizations in the process. The goal of the ITPM certification is to provide education and testing so an organization can develop its own insider threat program.
There is a deserved level of skepticism surrounding certifications, and many in the industry question their value. This is often due to a limited number of questions that don't require a full understanding of the topic to be successfully answered. Cram sessions and rote memorization can pass certifications but are not helpful in the real world. The CERT ITPM certification addresses this by requiring a combination of online and on-site classes, as well as a certification exam. The three-and-a-half day on-site training does have a downside in that it dramatically increases the cost of this certification, which ranges from $3,000 to $4,000. However, it should also add to the validity of the certification.
The topics covered in this certification range from education on prevention, detection and response to insider threats. It also requires the CERT STEPfwd (Simulation, Training and Exercise Platform), which provides an online multi-media learning environment. The online learning portion of the program is extensive, requiring 12 hours of student time. The only weak point in this entire program is that the exam is only 65 multiple-choice questions to be completed in 24 hours. The exam could not represent all of the material covered during the training courses, and this diminishes the certification value somewhat.
The trusted insider can do more damage than most external threats, and organizations need to develop programs to prevent, detect and respond to these threats. The CERT ITPM certificate is a great way for information security professionals to obtain these skills. It is expensive and the exam is not comprehensive, but the material is covered with a high level of expertise by a highly qualified organization. This is a quality certification that adds value to any organization looking to build an insider threat program.
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
Trying to decide what security certifications to get? Check out our vendor-specific certification guide.
Dig Deeper on Security Awareness Training and Internal Threats-Information
Related Q&A from Joseph Granneman
The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph... Continue Reading
Privileged users pose a growing threat to organizations. Expert Joseph Granneman looks at this insider threat and shares ways to mitigate it. Continue Reading
Netflix released its own threat monitoring tools: Scumblr, Sketchy and Workflowable. Expert Joseph Granneman looks at these tools and their benefits ... Continue Reading