ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV004
  • Created: 25th May 2024
  • Updated: 14th June 2024
  • Contributor: The ITM Team

Enforce a Social Media Policy

A social media policy is a set of rules that governs how employees should use social media platforms in connection with their work. It outlines acceptable and unacceptable behaviors, helps employees understand the consequences of misuse, and serves as a deterrent by promoting accountability, raising awareness of risks, and ensuring consistent enforcement.

Sections

ID Name Description
IF012Public Statements Resulting in Brand Damage

A subject makes comments either in-person or online that can damage the organization's brand through association.

MT008Lack of Awareness

A subject is unaware that they are prohibited from accessing and exfiltrating or destroying sensitive data or otherwise contravening internal policies.

IF017Excessive Personal Use

A subject uses organizational resources, such as internet access, email, or work devices, for personal activities both during and outside work hours, exceeding reasonable personal use. This leads to reduced productivity, increased security risks, and the potential mixing of personal and organizational data, ultimately affecting the organization’s efficiency and overall security.

IF008.006Inappropriate Usage of Social Media

A subject misuses social media platforms to engage in activities that violate organizational policies, compromise security, disclose confidential information, or damage the organization’s reputation. This includes sharing sensitive data, making unauthorized statements, engaging in harassment or bullying, or undertaking any actions that could risk the organization’s digital security or public image.

IF008.008Other Inappropriate Content

A subject accesses other inappropriate web content from a corporate device, contravening internal policies on acceptable use of company equipment.

IF023.003Anti-Trust or Anti-Competition

Anti-trust or anti-competition violations occur when a subject engages in practices that unfairly restrict or distort market competition, violating laws designed to protect free market competition. These violations can involve a range of prohibited actions, such as price-fixing, market division, bid-rigging, or the abuse of dominant market position. Such behavior typically aims to reduce competition, manipulate pricing, or create unfair advantages for certain businesses or individuals.

 

Anti-competition violations may involve insiders leveraging their position to engage in anti-competitive practices, often for personal or corporate gain. These violations can result in significant legal and financial penalties, including fines and sanctions, as well as severe reputational damage to the organization involved.

 

Examples of Anti-Trust or Anti-Competition Violations:

 

  • A subject shares sensitive pricing or bidding information between competing companies, enabling coordinated pricing or market manipulation.
  • An insider with knowledge of a merger or acquisition shares details with competitors, leading to coordinated actions that suppress competition.
  • An employee uses confidential market data to form agreements with competitors on market control, stifling competition and violating anti-trust laws.

 

Regulatory Framework:

 

Anti-trust or anti-competition laws are enforced globally by various regulatory bodies. In the United States, the Federal Trade Commission (FTC) and the Department of Justice (DOJ) regulate anti-competitive behavior under the Sherman Act, the Clayton Act, and the Federal Trade Commission Act. In the European Union, the European Commission enforces anti-trust laws under the Treaty on the Functioning of the European Union (TFEU) and the Competition Act.