Investigations Playbook

Course

0m
2 Students
Last Updated: January 31, 2025
From
$99.00
Buy Now

Retake Course

Are you sure you want to retake the course? This action will permanently delete all your progress in this course.

The Insider Risk Investigations Playbook is a practical, comprehensive, and expertly crafted guide, developed by McGrathNicol and the Australian Insider Risk Centre of Excellence. Designed to support insider risk practitioners, it equips them with actionable tools, structured frameworks, and clear guidance to navigate every stage of an insider threat investigation. With an emphasis on organisational security and integrity, the playbook ensures incidents are managed thoroughly, consistently, and with a focus on reducing future risks.

How to Use the Investigations Playbook

The playbook is organised into three key stages, each containing five steps (15 steps in total), with a clear focus on guiding practitioners through the complexities of insider threat investigations.

Stage 1: Detection & Triage
This stage focuses on the early identification and verification of potential insider threats, laying the foundation for further investigation.

Stage 2: Investigate & Assess
In this stage, investigators dive deeper into understanding the full scope of the incident. It includes uncovering behaviours, motivations, and impacts, shifting from detection to analysis.

Stage 3: Resolve & Rectify
This stage centres on finalising the response, addressing vulnerabilities, and preventing similar incidents from recurring, ensuring long-term resilience.

Each step within the playbook includes:

  • A key question to clarify focus.
  • Expert guidance to navigate challenges.
  • A strategic tool for answering the key question.
  • Interactive instructions to promote collaboration and structured decision-making.

However, this playbook is not a rigid, linear process. Think of it as a flexible series of 15 questions designed to create clarity and certainty, regardless of how the investigation unfolds. Whether your process is linear, circular, short, or complex, the playbook adapts to your needs, providing practical tools to move forward confidently.

Each tool is interactive and collaborative, encouraging investigators to print large formats for brainstorming, mapping out decisions, and visually tracking progress. By using these tools effectively, teams can ensure that no detail is overlooked and that investigations remain focused and thorough.

The Investigations Playbook can be used by:​

An investigator: The playbook helps navigate investigations in real-time, providing tools that support decision-making and help identify the next steps in the process. ​

An investigations team: It offers a clear process to follow when incidents occur, ensuring that every team member is aligned and equipped to handle insider threats effectively. ​

A department: The playbook enables the rapid scaling of best practices, ensuring that all teams within the organisation can respond to insider risks consistently and efficiently. ​

With its clear and structured approach, the Insider Risk Investigation Playbook is an essential tool for building resilience against insider threats and strengthening the organisation’s overall security posture.

 

How to Access the Investigations Playbook

The Investigations Playbook is securely hosted on the Australian Insider Risk Centre of Excellence (AIR CoE) platform, ensuring secure access, data management, and updated playbooks.

Practitioners can preview and download a free step and tool from each stage of the playbook: Verify (Stage 1), Outline (Stage 2), and Communicate (Stage 3). These free resources provide an introduction to the framework and a chance to experience the value of the tools firsthand.

Once signed up, you can explore the full Investigations Playbook by progressing through the 15-step framework, deepening your understanding of each step as you go. You have the flexibility to download individual tools step-by-step, tailoring the experience to your needs.

When you have completed the steps, you will gain access to the Next Steps section, where you can download the full playbook as a convenient PDF, providing you with a complete and comprehensive resource.

For more information about our playbooks and other resources, visit the Playbook Hub on our platform.

 

All Aus3C courses deliver practical, real-world outcomes with skills you can immediately apply. With official certificates of completion and pathways to recognized certifications, these programs provide tangible value to advance your career and strengthen your organization’s cyber resilience.

Key points

  • The playbook covers Detection & Triage, Investigate & Assess, and Resolve & Rectify, with 15 adaptable steps for insider threat investigations.
  • Each step includes key questions, expert guidance, and collaborative tools to support decision-making.
  • Designed for any investigation style—linear or complex—while ensuring thoroughness.

Curriculum

Curriculum

  • 4 Sections
  • 16 Lessons
  • 0m Duration
Expand All
Detect & Triage
5 Lessons
  1. Verify
  2. Identify
  3. Evaluate
  4. Inform
  5. Contain
Investigate & Assess
5 Lessons
  1. Outline
  2. Assemble
  3. Collect
  4. Analyse
  5. Assess
Resolve & Rectify
5 Lessons
  1. Communicate
  2. Respond
  3. Report
  4. Implement
  5. Review
Next Steps
1 Lesson
  1. Summary & Full Playbook

Explore other courses

ISM Fundamentals Training
  • Learn to apply the Australian Government’s Information Security Manual (ISM).
  • Covers risk management, Essential Eight, cryptography, and threat modeling.
  • Practical guidance for government and non-government entities.
  • Ideal for IT leaders, CISOs, and security professionals.
$2450.00
Read more
IRAP Re-sit Exam
  • Available to previous Aus3C training participants after 4 months from the original exam.
  • Held online on the fifth day of any 5-day IRAP training.
  • Open to both in-person and virtual training participants.
IRAP Assessor Training
  • ASD-approved IRAP Training Course with ISM and IRAP fundamentals.
  • 5-day program with exam completion for certification eligibility.
  • Option for in-person or virtual attendance.
  • Prepares participants to apply as ASD-endorsed IRAP Assessors.
$4800.00
Read more
IRAP Readiness Training
  • Designed for organizations preparing for IRAP Assessment.
  • Covers ISM and IRAP fundamentals without an exam.
  • Provides a comprehensive understanding of IRAP requirements and processes.
  • Focused on minimizing organizational disruption during assessment.
$3750.00
Read more
IRAP Re-Certification Exam
  • Required for IRAP Assessors inactive for 3+ years.
  • Held online on the fifth day of any 5-day IRAP training.
  • Includes preparation resources upon payment.
  • Open to both in-person and virtual training participants.
$350.00
Read more

Deleting Course Review

Are you sure? You can't restore this back

Course Access

This course is password protected. To access it please enter your password below: