Video
Resilience to Insider Risk - 8 Recommended Security Actions

Transcript

Resilience to Insider Risk
8 Recommended Security Actions

#1: Establish a Culture of Security

  • Establish senior management engagement and accountability
  • Identify a senior official responsible for managing insider risks
  • Build a whole-of-organization commitment to security and emphasize leadership at all levels

#2: Develop Clear Security Policies and Procedures

  • Define clear expectations and outcomes
  • Identify risk levels of positions in the organization
  • Align employee access with position risk levels

#3: Reduce Risks from Partners and Third Party Providers

  • Understand key assets and systems
  • Know your partners
  • Know your risks

#4: Implement a Personnel Screening Life-Cycle

  • Conduct pre-employment screening
  • Implement ongoing employee security screening
  • Incorporate departure and internal movement procedures
  • Establish transparent security policies

#5: Provide Training, Raise Awareness and Conduct Exercises

  • Provide regular training to decrease the risk of unintended security infractions
  • Raise awareness of potential warning signs
  • Foster a culture of vigilance and empower employees

#6: Identify Critical Assets and Protect Them

  • Identify and rank key assets and systems
  • Secure key assets and systems
  • Leverage signage and visible deterrents to access
  • Apply the principle of least privilege
  • Separate duties

#7: Monitor, Respond to and Mitigate Unusual Behaviour

  • Track remote access and monitor device endpoints
  • Establish effective incident reporting, tracking, and response measures
  • Raise Awareness of best practices regarding the use of social networking sites

#8: Protect Your Data

  • Establish and test business continuity plans and procedures
  • Implement procedures to limit information exit points

Visit publicsafety.gc.ca to learn more

Date modified: