Summary
The purpose of this document is to provide Canadian critical infrastructure organizations with guidance on what constitutes insider risk and recommendations on how to monitor, respond to, and mitigate insider risk. This guide will assist organizations in developing their insider risk programs to defend against human and technical vulnerabilities, including those related to their partners, service providers, and associates. -- Introduction, p. 1.
Contents
THEME 1: ESTABLISH A HOLISTIC APPROACH TO SECURITY. -- Security Action 1: Establish a Culture of Security. -- Security Action 2: Develop Clear Security Policies and Procedures. -- Security Action 3: Reduce Risks from Partners. -- THEME 2: KNOW AND EMPOWER YOUR PEOPLE. -- Security Action 4: Implement a Personnel Screening Life-Cycle. -- Security Action 5: Provide Training, Raise Awareness and Conduct Exercises. -- THEME 3: IDENTIFY AND PROTECT WHAT IS CRITICAL. -- Security Action 6: Identify Critical Assets and Protect Them. -- Security Action 7: Monitor, Respond to and Mitigate Unusual Behaviour. -- Security Action 8: Protect Your Data.