Establish, implement, and maintain an insider threat program.


CONTROL ID
10687
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Human Resources management, CC ID: 00763

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • As set out in subsection 4.1.1, AIs should implement adequate customer identity authentication controls in their phone banking operations. When a customer calls in to inquire about the customer's bank account (e.g. balance or transaction history) or perform a transaction via the account, AIs should … (§ 7.4.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • A trusted insider program is developed, implemented and maintained. (Control: ISM-1625; Revision: 1, Australian Government Information Security Manual, June 2023)
  • A trusted insider program is developed, implemented and maintained. (Control: ISM-1625; Revision: 1, Australian Government Information Security Manual, September 2023)
  • the ongoing monitoring of 'insider threats', (ie employees at the firm and at the third party who may misuse their legitimate access to firm data for unauthorised purposes maliciously or inadvertently). The term 'employee' should be construed broadly for these purposes and may include contractors, s… (§ 7.11 Bullet 4, SS2/21 Outsourcing and third party risk management, March 2021)
  • For firms subject to the CBEST framework, the CBEST implementation guide notes that 'malicious Insider and Supply Chain Scenarios are a feature of the threat landscape for many firms. These scenarios should always be analysed and discussed during CBEST'. Where required, these firms 'should plan in a… (§ 10.20, SS2/21 Outsourcing and third party risk management, March 2021)
  • Determine whether the financial institution and service provider consider their susceptibility to an insider threat and what impact this may have on business continuity and broader resilience. (TIER I OBJECTIVES AND PROCEDURES Cyber Resilience Objective 10:7, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Implement an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Implement an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Implement an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • The organization implements an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization implements an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4, Deprecated)
  • The organization implements an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Implement an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization implements an insider threat program that includes a cross-discipline insider threat incident handling team. (PM-12 Control, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)