This unit describes the skills and knowledge required to develop cyber security insider threat and risk response plans to effectively prevent, detect and mitigate insider threats. This includes assessing current cyber security risks, evaluating existing procedures, and drafting a cyber security insider threat and risk response plan. An insider threat or risk refers to an intentional or unintentional act committed by individuals in an organisation that causes, or has the potential to cause, harm to an organisation’s cyber security.

The unit applies to individuals who work in a broad range of industries who as part of their job role assist in preventing insider threat and risk, by supporting processes to develop response plans. Individuals in these job roles will demonstrate judgement and have limited responsibilities in changing contexts.

No licensing, legislative or certification requirements apply to this unit at the time of publication.