Resources
To download the Candidate Handbook, please click the button below.
To download the GCITP Exam Guide, please click on the button below.
GCITP Essential Body of Work
The GCITP assessment was developed using a two-stage process. First, a practice analysis was performed to codify the community’s “skill standard.” The skill standard consisted of the Essential Body of Work (EBW), which defined the critical tasks performed by the community, and the Essential Body of Knowledge (EBK), which defined the critical knowledge and skills required to perform the EBW tasks. The GCITP EBW tasks are listed below:
Task | Description |
---|---|
Task 1 | Identify stakeholder partners and establish priorities |
Task 2 | Define sustainable methods for detection of irregular and/or abnormal activities and relevant reporting thresholds |
Task 3 | Define requirements, goals, metrics, and appropriate analytics |
Task 4 | Apply all relevant government and organization policies and procedures to core insider threat activities |
Task 5 | Monitor and review technical and non-technical data sources to identify potential insider-related events |
Task 6 | Perform triage to eliminate false indicators and determine relevance, credibility, probability, magnitude, and imminence of potential threats |
Task 7 | Identify information gaps associated with potential threats |
Task 8 | Document and track potential insider-related events and actions in defined platforms/tools |
Task 9 | Aggregate information and determine appropriate level of escalation |
Task 10 | Conduct appropriate insider-related investigations and gather additional data needed for analysis and decision making |
Task 11 | Collaborate with internal and external partners to gain access to data, expertise, and more effective use of information |
Task 12 | Analyze, synthesize, and evaluate all data sources to identify insider threats |
Task 13 | Create and deliver reports, presentations, and briefings for appropriate audiences |
Task 14 | Support decision makers to determine the best methods for mitigating, transferring, or accepting risk |
Task 15 | Assess effectiveness and efficiency of insider threat procedures to identify opportunities for continuous process improvement and provide recommendations and refinement based on learnings |
Task 16 | Support stakeholders by monitoring and assessing the effectiveness of potential mitigation strategies and making recommendations for potential updates |
Task 17 | Design, develop, and implement techniques and resources that enable the team to operate more efficiently and effectively |
Task 18 | Consult with stakeholders and senior leadership to influence organizational change, behavior, and results |
Task 19 | Follow established policies and procedures for closing an inquiry |
GCITP Essential Body of Knowledge - Technical Competencies
GCITP EBK Technical Competencies are listed below:
Competency 1 – Policies and Regulations | Complies with and stays current on relevant insider threat guidelines, policies, regulations, and laws. |
PR-AoE 1 - Insider Threat Policies | Be familiar with and stay current on relevant insider threat regulations, guidelines, laws, and directives (organizational, local, state, federal, international as appropriate/needed); examples include:
|
PR-AoE 2 - Counter Insider Threat Program - Operational Process | Knowledge of and compliance with:
|
PR-AoE 3 - Privacy and Civil Liberties | Complies with and stays current on relevant privacy and civil liberties protections; examples include:
|
PR-AoE 4 - Information Protection | Understands and complies with proper handling of sensitive information; examples include information related to:
|
PR-AoE 5 - Investigative and Operational Viability | Familiar with the investigative lifecycles related to associated pillars/disciplines and how the insider threat program might provide support (i.e., complies with proper investigative procedures and protocols for preserving chain of custody and integrity of collected information) |
Competency 2 – Researching | Identifies a need for and knows where or how to gather information. Obtains, evaluates, organizes, and maintains information. Understands the Potential Risk Indicators (PRIs), capabilities, and when to engage with each pillar. |
R-AoE 1 - Counterintelligence Pillar | Understands basic terms of reference, concepts, and principles related to the Counterintelligence Pillar to include:
Identifies anomalous behaviors within the Counterintelligence Pillar and knows when and how to engage with relevant counterintelligence professionals who:
|
R-AoE 2 - Cyber Pillar | Understands basic terms of reference, concepts, and principles related to the Cyber Pillar to include:
Identifies anomalous behaviors within the Cyber Pillar and knows when and how to engage with relevant cyber professionals who:
|
R-AoE 3 - Human Resources Pillar | Understands basic terms of reference, concepts, and principles related to the Human Resources Pillar to include:
Identifies anomalous behaviors within the Human Resources Pillar and knows when and how to engage with relevant human resource professionals who:
|
R-AoE 4 - Law Enforcement Pillar | Understands basic terms of reference, concepts, and principles related to the Law Enforcement Pillar to include:
Identifies anomalous behaviors within the Law Enforcement Pillar and knows when and how to engage with relevant law enforcement professionals who:
|
R-AoE 5 - Legal Pillar | Understands basic terms of reference, concepts, and principles related to the Legal Pillar to include:
Identifies anomalous behaviors within the Legal Pillar and knows when and how to engage with relevant legal professionals who:
|
R-AoE 6 - Social and Behavioral Sciences Pillar | Understands basic terms of reference, concepts, and principles related to the social and behavioral sciences to include:
Identifies anomalous behaviors within the Social and Behavioral Sciences pillar and knows when and how to engage with relevant behavioral science professionals who:
|
R-AoE 7 - Security Pillar | Understands basic terms of reference, concepts, and principles related to the Security Pillar to include:
Identifies anomalous behaviors within the Security Pillar and knows when and how to engage with relevant security professionals who:
|
Competency 3 - Information Analysis & Synthesis | Identifies anomalous behavior(s) and/or pattern(s) of behaviors; analyzes, interprets, and integrates data (technical and non-technical) or other information; differentiates between primary and secondary sources; evaluates and prioritizes alternatives; and assesses similarities and differences in data to develop findings and conclusions. |
S-AoE 1 - Insider Threat Referral Triage | Conduct insider threat referral triage by compiling, reviewing, interpreting, correlating, and analyzing insider threat referral data in order to:
|
S-AoE 2 - Insider Threat Trend Analysis | Conduct timely, preventative, and relevant insider threat trend analysis in order to:
|
S-AoE 3 - All-Source Analysis | Understand collection capabilities and reporting cycles from the primary Pillars (e.g., CI, Security, Cyber, HR, SBS, LE) and use a multi-disciplinary approach to:
|
S-AoE 4 - Insider Threat Assessment | Develop threat/risk assessment(s) on a potential insider threat using a multi-disciplinary approach including concepts, principles, and standards related to:
|
Competency 4 – Tools and Methods | Applies tools and methods to substantive discipline, domain, or area of work. Adapts existing tools and/or methods or employs new methodological approaches required for substantive discipline, domain, or area of work. A tool is defined as a physical or virtual device, application, or database used to perform work rather than something that is studied, exploited, or targeted. A method is defined as a structured and repeatable process for carrying out work. |
TM-AoE 1 - Analytical Communication | Support senior leaders, stakeholders, and mitigation activities by providing analytic assessments that incorporate:
|
TM-AoE 2 - Critical Thinking and Structured Analytic Techniques | Exercise critical thinking and structured analytic techniques when conducting insider threat activities. Document analytic processes in a clear and understandable method. These techniques include but are not limited to:
|
TM-AoE 3 - Databases/Data Feeds, Dashboards, and Analytic Tools | Understand how to access relevant databases/data feeds (e.g., local/national, government, and commercial) and understand the basic functions/capabilities of relevant dashboards and analytic tools in order to:
|
Competency 5 – Vulnerabilities Assessment and Management | Conducts assessments of individuals and organizational vulnerabilities in order to identify changes in the likelihood of an insider event, determines deviations from acceptable configurations of enterprise or local policy, assesses the level of risk, and, when appropriate, supports potential mitigation countermeasures. |
VAM-AoE 1 - Counter Insider Threat Program - Organizational Structure | Understand the mission, capabilities, and structure of the organization in order to:
|
VAM-AoE 2 - Individual Risk Assessment | Understand procedures for determining an individual’s current level of risk based on the following factors:
|
VAM-AoE 3 - Insider Threat Mitigation: Individual | Understand how an insider threat or potential insider threat may be impacted (positively or negatively) by individual or organizational mitigation actions; considerations include:
Understand and support the implementation of individual mitigation response options – CI, Cyber, HR, LE, Legal, SBS, and Security (e.g., administrative actions, performance counseling, remedial training, compliance mandate, performance improvement plan, employee assistance referral, access suspension and/or downgrades, suspension and/or termination of employment). Monitor and assess the effectiveness and impact of chosen mitigation strategies and report findings to appropriate leaders and stakeholders. |
VAM-AoE 4 - Insider Threat Mitigation: Organizational | Understand how an insider threat or potential insider threat may be impacted (positively or negatively) by individual or organizational mitigation actions; considerations include:
Understand and support the implementation of organizational mitigation response options – CI, Cyber, HR, LE, Legal, SBS, and Security (e.g., changes in policy, processes and procedures, and/or additional education/training/awareness). Monitor and assess the effectiveness and impact of chosen mitigation strategies and report findings to appropriate leaders and stakeholders. |
GCITP Essential Body of Knowledge - Non-Technical Competencies
GCITP EBK Non-Technical Competencies are listed below:
Non-Technical Competency 1 – Communication | Understands effective and appropriate communication patterns and the ability to use and adapt that knowledge in various contexts. |
COM-AoE 1 - Information Sharing | Shares information, as appropriate, with customers, colleagues, and others. Ensures colleagues receive organizational information, recognizes the responsibility to provide information, and takes action to provide it within the intelligence community, to other federal, state and local law enforcement or authorities, the private sector, and/or foreign partners, as appropriate. |
COM-AoE 2 – Oral Communication | Makes clear and convincing oral presentations. Listens effectively; clarifies information as needed. |
COM-AoE 3 – Written Communication | Writes in a clear, concise, organized, and convincing manner for the intended audience. |
Non-Technical Competency 2 – Collaboration | Implements a working practice whereby individuals, other organizational/office departments, and Insider Threat Programs work together for a common purpose to complete a task or achieve a common goal. Negotiates one’s needs to create a shared objective; cooperates and coordinates resources to execute a plan to reach goals. |
COL-AoE 1 - Influencing, Advocating, Negotiating | Tailors presentations to an audience’s unique blend of goals, values, and knowledge in order to persuade others, build consensus through give and take, and gain cooperation from others in order to obtain information, resources, and/or accomplish goals. |
COL-AoE 2 - Partnering | Develops networks and builds alliances; collaborates across boundaries to build strategic relationships and achieve common goals. |
COL-AoE 3 - Team Building | Inspires and fosters team commitment, spirit, pride, and trust. Facilitates cooperation and motivates team members to accomplish group goals. |
Non-Technical Competency 3 – Solution Development | Determines the best way of satisfying requirements for an output by evaluating baseline requirements and alternative solutions to achieve them, selecting the optimum solution, and creating a specification for the solution. |
SD-AoE 1 - Problem Solving | Identifies and analyzes problems; weighs relevance and accuracy of information; generates and evaluates alternative solutions; perceives the impact and implications of decisions; and makes recommendations. |
SD-AoE 2 - Systems Thinking | Understands how variables within a system interact with one another and change over time. Applies this understanding to solve complex problems and drive integration. |
SD-AoE 3 - Flexibility | Is open to change and new information; rapidly adapts to new information, changing conditions, or unexpected obstacles. |
SD-AoE 4 - Creativity & Innovation | Develops new insights into situations; questions conventional approaches; encourages new ideas and innovations; designs and implements new or cutting-edge programs/processes. |
SD-AoE 5 - External Awareness | Understands and keeps up to date on local, national, and international policies and trends that affect the organization and shape stakeholders' views; is aware of the organization's impact on the external environment. |
Non-Technical Competency 4 – Project Coordination | Streamlines the workflow of assigned tasks. Manages resources and information and assists with scheduling and planning project activities to ensure deadlines are met. |
PC-AoE 1 - Decisiveness | Makes well-informed, effective, and timely decisions needed to execute core insider threat activities even when data are limited or solutions produce unpleasant consequences. |
PC-AoE 2 - Planning & Evaluation | Organizes work, sets priorities, and determines resource requirements; determines short- or long-term goals and strategies to achieve them; coordinates with other organizations or parts of the organization to accomplish goals; monitors progress and evaluates outcomes. |
PC-AoE 3 - Customer Service | Anticipates and meets the needs of both internal and external customers. Delivers high-quality products and services; is committed to continuous improvement. |
PC-AoE 4 - Accountability | Holds self and others accountable for measurable, high-quality, timely, and cost-effective results. Determines objectives, sets priorities, and delegates work. Accepts responsibility for mistakes. Complies with established control systems and rules. |
PC-AoE 5 - Integration | Searches for opportunities to collaborate and actively promotes collaboration on work products and across work domains to enhance the quality of results. |
Preparing for the GCITP Exam
The GCITP Certification Program strongly encourages all candidates to study each of the certification exam blueprint areas to prepare for the exam. There are several providers and courses available (both free and fee-based) that can help candidates prepare. The list of training providers and courses below is not all-inclusive but is intended to provide a few examples of the resources available to candidates. However, please be advised of the following important caveats:
- The Certification Program does not favor or endorse any specific provider or course – listed below or otherwise.
- Participation in these or any courses is not required to participate in the GCITP Certification Program.
- Participating in or attending these courses does not guarantee a passing score on the GCITP exam.
- These are not the only training opportunities available, nor does taking these specific training courses give you any advantages or guarantee that you will score higher on the GCITP exam as compared to any other training courses available in the market.
- Whether looking at taking a course to meet the prerequisite requirements for the certification program or to maintain your existing certification, the certification program does not guarantee that the resources listed below are specifically aligned to the exam blueprint or to the exact proficiency level desired. Therefore, candidates are encouraged to evaluate the course descriptions and content areas being taught to ensure they will align to the candidate’s individual needs.
- All of the training providers and training opportunities listed below, including those offered by the University of Maryland, have been developed by training professionals external to the GCITP Certification Program and have no direct affiliation to the professionals that developed the GCITP exam.
Some of the training providers that offer courses which could help you prepare for the GCITP exam are listed below (we plan to add additional providers as we become aware of them):
Carnegie Mellon University Software Engineering Institute CERT Insider Threat Program Manager Certificate
Carnegie Mellon University Software Engineering Institute Insider Threat Awareness Training
Center for Development of Security Excellence (CDSE) Insider Threat Curricula and E-Learning Courses
Cybersecurity & Infrastructure Security Agency (CISA) Insider Threat Mitigation Resources and Tools (Training)
Help2Protect
National Insider Threat Task Force (NITTF) Insider Threat Training Module
University of Maryland Insider Risk Management and Mitigation Graduate Certificate