ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: ME021.003
  • Created: 19th June 2024
  • Updated: 24th July 2024
  • Contributor: The ITM Team

Physical Access Credentials

Physical security credentials, such as an ID card or physical keys, that were available to the subject during employment are not revoked and can still be used.

Prevention

ID Name Description
PV023Access Reviews

Routine reviews of user accounts and their associated privileges and permissions should be conducted to identify overly-permissive accounts, or accounts that are no longer required to be active.

PV024Employee Off-boarding Process

When an employee leaves the organization, a formal process should be followed to ensure all equipment is returned, and any associated accounts or access is revoked.

PV011Physical Access Controls

Access to specific areas of a site should be restricted to only authorized personnel, through the use of controls such as locked doors, mantraps, and gates requiring an ID badge.

Detection

ID Name Description
DT052Audit Logging

Audit Logs are records generated by systems and applications to document activities and changes within an environment. They provide an account of events, including user actions, system modifications, and access patterns.

DT033Closed-Circuit Television

CCTV can be used to observe activity within or around a site. This control can help to detect preparation or infringement activities and record it to a video file.