Transcript
Resilience to Insider Risk
8 Recommended Security Actions
#1: Establish a Culture of Security
- Establish senior management engagement and accountability
- Identify a senior official responsible for managing insider risks
- Build a whole-of-organization commitment to security and emphasize leadership at all levels
#2: Develop Clear Security Policies and Procedures
- Define clear expectations and outcomes
- Identify risk levels of positions in the organization
- Align employee access with position risk levels
#3: Reduce Risks from Partners and Third-Party Providers
- Understand key assets and systems
- Know your partners
- Know your risks
#4: Implement a Personnel Screening Life-Cycle
- Conduct pre-employment screening
- Implement ongoing employee security screening
- Incorporate departure and internal movement procedures
- Establish transparent security policies
#5: Provide Training, Raise Awareness and Conduct Exercises
- Provide regular training to decrease the risk of unintended security infractions
- Raise awareness of potential warning signs
- Foster a culture of vigilance and empower employees
#6: Identify Critical Assets and Protect Them
- Identify and rank key assets and systems
- Secure key assets and systems
- Leverage signage and visible deterrents to access
- Apply the principle of least privilege
- Separate duties
#7: Monitor, Respond to and Mitigate Unusual Behaviour
- Track remote access and monitor device endpoints
- Establish effective incident reporting, tracking, and response measures
- Raise awareness of best practices regarding the use of social networking sites
#8: Protect Your Data
- Establish and test business continuity plans and procedures
- Implement procedures to limit information exit points
Visit publicsafety.gc.ca to learn more