top of page
CInRM COE.png

A not-for-profit entity that is evolving Canada's capabilities in insider risk management by fostering an interdisciplinary approach aimed at accelerating research, training, education and building sustained community partnerships.

Upcoming events

Business Meeting

Thank-you to our partners that participated in our inaugural Insider Risk Management Security Partnerships Summit and engaged with the wider community of insider risk management (InRM) practitioners as part of Canadian Insider Threat Awareness Month.

 

Please visit our CITAM2023 page for highlights, and also to access knowledge resources for benchmarking purposes and to promote InRM policy and program objectives within organizations.

Anchor 1
A woman looking at charts on the screen

Why is an interdisciplinary, academic/private/public research initiative dedicated to insider threat and the risk mitigation research necessary?

The severity of attacks to Canadian organizations and critical infrastructure is increasing.

The underlying motivations that lead to these attacks are varied, meaning that risk management solutions must increasingly adopt a holistic and balanced approach, that consider mitigations from the cyber security, human resources legal, personnel security, physical security, and privacy disciplines.

Private and public institutions have unique approaches to insider risk management, and the academic environment provides an opportunity to foster dialogue, conduct critical inquiry, and promote applied research initiatives to manage the risk.

The C-InRM CoE, in cooperation with the Office of Professional Training and Development at Carleton University’s Norman Paterson School of International Affairs (NPSIA PT&D), has developed training in insider risk awareness.

Certificates provide continuing professional education (CPE) credits that are recognized by international professional security organizations such as ASIS International.

A Taskforce has been established to provide thought leadership and input on the establishment of the parameters for a secure, centralized, intake portal for anonymized incident reporting, and the sharing of aggregate details to a closed research community of academic, private, and public partners.

*Phase 1 industry consultations are complete. If your organization would like join a Phase 2 industry proof-of-concept pilot, please inquire by December 31, 2023.*

Rigorous research on insider risk mitigation based on real case studies with moderate to large sample sizes, do not generally exist--none exist in Canada.

If you are a Canadian organization that would like to receive the final results for benchmarking purposes, contact the C-InRM CoE today to learn how you may participate in the study.

Academic Library

Insights
...are based on original research with Canadian organizations

Community resources
...to create insider risk management programs
...to assess the capability and maturity of existing programs
...to respond to detected potential threats
...to apply strategic foresight based on the changing environment

A current understanding of how insider risks may be mitigated includes...

...in people focused insider risk programs...technology should be an enabler

...cultivating a positive workplace culture...

...increased employee awareness and training...

How likely are employees to report potential threats?

Our research indicates that there is confusion and uncertainty surrounding the issue of reporting concerns about a co-worker's behaviour that could identify them as an insider threat.  Data from the study revealed that people are engaged about the topic and see it as important, but their comments suggest that the burden of reporting is too great within the workforce so a common choice is to do nothing as encapsulated by the quote, "the pull to do nothing would be strong".

People want to do the right thing, but not at own expense, there are more incentives to be complacent then being involved.  Changing organizational culture can improve the situation.

 

Do organizations differentiate between risk controls required for malicious vs. unintentional insider threats?

 

Organizations required a clear definition in policy of insider threat

More awareness initiatives are required to mitigate the more likely unintentional threats

Technical controls have been more focused towards malicious threats

We Take Pride in Our Numbers

8

research initiatives focused on insider risk management, generating insights that can be applied to organizational policy and program enhancements

40+

graduate students instructed at Carleton University, Norman Paterson School of International Affairs (NPSIA) on insider risk, threat, and mitigation history, theory, policy, and program building...augmenting insider risk practitioners, leaders, and academic resources to meet the demands of the employment market

25

Canadian private and public organizations supporting their employees' training on insider risk awareness in the practical certificate program offered in partnership with Carleton University, NPSIA, Professional Training and Development (PT&D)

providing co-op and job opportunities in insider risk management for students in partnership with Canadian organizations

Identify the Threat and Mitigate

C-InRM CoE Steering Committee

Alex-Wilner-crop-400x560.jpg

"I look for partners in the private sector or the federal public service who have a research idea but don't have the capacity to implement it."

"Our hope and expectation with emerging collaboration is that it will grow into something bigger and broader in the coming years." 

Professor Alex Wilner, Co-Chair of the C-InRM CoE Steering Committee 

Senior Infrastructure Protection and International Security Fellow Lina Tsakiris, Co-Chair of the C-InRM CoE Steering Committee, collaborating with Prof. Wilner on a new academic partnership on insider risk that will focus on the Canadian security landscape.

<Excepts taken from Stories: Featured, Faculty of Public Affairs, Norman Paterson School of International Affairs, February 7, 2022>

Picture1.jpg

C-InRM CoE Research POV

Picture2.jpg

"The time is obviously right to be talking about and studying insider risk topics - everyone I've interviewed for our research, both expert and non-expert, has been engaged, passionate, and full of thoughtful ideas to consider to improve security culture in Canada."

Heather Holden

Researcher

C-InRM CoE

"I am delighted to have partnered with the Canadian Insider Risk Management Centre of Excellence for my 2021 Insider Risk for Canadian Financial Institutions Masters Capstone, and as a Researcher for a Technology Applications and Evolution for Insider Threat Detection project in 2022.

Alex, Lina and Victor’s expertise, insights and knowledge were extremely helpful in steering forward-looking and impactful insider risk research that can add significant organizational value.

I hope that my work with the C-InRM CoE is the beginning of a long partnership and I can continue to help the Centre of Excellence expand its high-quality insider risk research."

Darian Scherbluk

Researcher

C-InRM CoE

Picture3.jpg
bottom of page