top of page

Our Initiatives

Certificats in Insider Risk Awareness
Virtual Meeting
download_edited.png
Students Typing at Their Computers

12 ASIS Continuing Professional Education (CPE) Credits - Aligns with ASIS Certified Protection Professional (CPP), Physical Security Professional (PSP), and Associate Protection Professional (APP) certification programs

This course is instructed online and focused on screening and risk factors (12 learning hours over two days).  Learning objectives include:

•Broadened understanding of insider threat with an emphasis on the security screening process,

•Heightened ability to recognize (i.e., red flags), detect and defend against insider risks within organizations, 

 

•Introduction to motives or personal situations that may increase an employee’s likelihood to act out against an employer, 

 

•Practical knowledge of a risk factor framework used to recognize behaviours indicating potential employee concern and management of residual risks, 

 

•Awareness of continuous assurance (i.e., aftercare) measures that can be used with current employees, as well as considerations upon an employee departing an organization, and,

 

•Understanding of personal social media presence and related company strategies.

Picture5.jpg

Featured Instructor

Mr. Brian Thompson

Brian is the C-InRM CoE Chief Learning Officer and has over 40 years of experience in the Canadian Armed Forces, Department of National Defence, and the Royal Canadian Mounted Police. 

 

Over the past several years, he has conducted risk-based security screening and insider risk training, as well as advised and consulted on various personnel security files.  He holds an M.A. degree in personality psychology from the University of Manitoba and is certified as an Insider Threat Program Manager and Vulnerability Assessor from Carnegie Mellon University.

Screenshot 2023-02-17 060306.png

SAMPLE

What Participants Say

The presentation was great! Brian Thompson is very knowledgeable
INAF 5469
Students

Course Testimonials

Honestly, can't think of one bad thing to say about this class.  Prof. Munro was amazing, as were the guest speakers

Really helps understanding real-life applications of insider threat in the private sector

Thanks so much for an excellent course!

Great to hear from practitioners in the field

Really enjoyed the practical, real world examples from various industries!

Students

International Affairs (INAF) 5469 R - Insider Risk, Threat, and Mitigation

The objective of this seminar is to introduce students to the concept of malicious insider threats, defined as “a current or former employee, contractor, or business partner…negatively affecting the confidentiality, integrity, availability”  of an organization’s assets including its workforce, along with risk management theory and industry standards to control for—and mitigate—threats.  

 

It will contextualize insider threat as a subset of defensive counter-intelligence, within the broader intelligence studies literature.  This seminar will trace the historical development of counter-intelligence practices in Western nation-state governments in the mid-20th century to the present, as well as contemporary insider threat programs that began appearing in the public and private sectors in the late 1970s, through various case studies of notable compromises.  

 

It will examine insider threat typology primarily under capability-motivation (money, ideology, compromise, ego—MICE)-opportunity (CMO) and pathway to harm theoretical frameworks and consider present-day security risk policy formulation and industry mitigation control standards against threat-type, ethical and privacy considerations, and consider macro-environmental factors that may serve as “triggers” for future potential threats.  

 

The present state of academic and industry research on insider threat, quantitative and qualitative streams, will be reviewed.

 

 

On completion of the seminar, students will have a broad and comprehensive understanding of insider risk, the ability to reflect critically on insider threat-related research, and industry mitigation practices.  

 

Finally, students will also have gained practical experience on developing and delivering outputs that are expected by the industry at large from practitioners in this field.

Picture4.jpg

Sessional Lecturer

Mr. Victor Munro

Victor is the C-InRM CoE Executive Director and an experienced cyber strategy, security and insider risk, and threat intelligence consultant with 20 years of experience in Canadian federal government security and intelligence, public finance critical infrastructure, and private global multi-national IT services sectors.  He has helped organizations implement insider threat, cloud security, and incident management strategies and programs to manage risk and enhance organizational resiliency.

*Must be a graduate student presently enrolled in Carleton University, Norman Paterson School of International Affairs.  May not be offered every academic term - to confirm, consult Carleton University's Registrar's Office, and refer to the INAF subject.

Inside Threa Monitoring Theory
Connecting Dots

National Study - Insider Threat Monitoring Theory

Call for industry participation

Rigorous research on insider threat mitigation based on real case studies with moderate to large sample sizes are not generally available for research--none exist in Canada.

In Canadian organizations, which monitoring controls are the most important, and what sources of data have been crucial to earlier detection, resulting in an organization not being attacked, or limiting injury from insider threat attacks?

Picture4.jpg

Lead Researcher

Mr. Victor Munro

Victor is the C-InRM CoE Executive Director and an experienced cyber strategy, security and insider risk, and threat intelligence consultant with 20 years of experience in Canadian federal government security and intelligence, public finance critical infrastructure, and private global multi-national IT services sectors.  He has helped organizations implement insider threat, cloud security, and incident management strategies and programs to manage risk and enhance organizational resiliency.

*To learn more, contact Victor

CITD
Wavy Circles

National Pilot Initiative - Canadian Insider Threat Dataset (CITD)

*Phase 1 industry consultations are complete. If your organization would like join a Phase 2 industry proof-of-concept pilot, please inquire by December 31, 2023.*

A Taskforce has been established to discuss and establish the parameters for a secure, centralized, intake portal for anonymized incident reporting, and share aggregate details to a closed research community of academic, private, and public partners.  Outcomes include:

  • Collaboration to define an incident attribute taxonomy for reporting insider threat attacks;

  • Production of an aggregate real incident dataset for research, policy and program building, and mitigation purposes; and,

  • Pilot the governance, policies, and operations of the CITD initiative.

 

A White Paper will be published later this year, detailing the aggregate findings and recommendations of the Taskforce.

Business Meeting

If you require a centralized insider risk management partner to assist you...

A man looking at a computer screen

...on research, training, or joining a national community of practice, reach out today to the C-InRM CoE

bottom of page