Preventions
- ID: PV022
- Created: 12th June 2024
- Updated: 21st July 2024
- Contributor: The ITM Team
Internal Whistleblowing
Provide a process for all staff members to report concerning and/or suspicious behaviour to the organization's security team for review. An internal whistleblowing process should take into consideration the privacy of the reporter and the subject(s) of the report, with specific regard to safeguarding reporters against reprisals.
Sections
ID | Name | Description |
---|---|---|
MT007 | Resentment | A subject is motivated by resentment towards the organisation to access and exfiltrate or destroy data or otherwise contravene internal policies. |
MT004 | Political or Philosophical Beliefs | A subject is motivated by their political or philosophical beliefs to access and destroy or exfiltrate sensitive data or otherwise contravene internal policies. |
MT012 | Coercion | A subject is persuaded against their will to access and exfiltrate or destroy sensitive data, or conduct some other act that harms or undermines the target organization. |
MT010 | Self Sabotage | A subject accesses and exfiltrates or destroys sensitive data or otherwise contravenes internal policies with the aim to be caught and penalised. |
MT005 | Personal Gain | A subject seeks personal gain from another by accessing and exfiltrating or destroying sensitive data or otherwise contravening internal policies. |
MT011 | Hubris | A subject accesses and exfiltrates or destroys sensitive data or otherwise contravenes internal policies with the aim to successfully defeat controls in order to demonstrate ability and/or skill. |
MT001 | Joiner | A subject joins the organisation with the pre-formed intent to gain access to sensitive data or otherwise contravene internal policies. |
MT002 | Mover | A subject moves within the organisation to a different team with the intent to gain access to sensitive data or to circumvent controls or to otherwise contravene internal policies. |
IF021 | Harassment and Discrimination | A subject engages in unauthorized conduct that amounts to harassment or discriminatory behavior within the workplace, targeting individuals or groups based on protected characteristics, such as race, gender, religion, or other personal attributes. Incidents of harassment and discrimination may expose the organization to legal risks, potential reputational damage, and regulatory penalties. Additionally, individuals affected by such behavior may be at higher risk of retaliating or disengaging from their work, potentially leading to further insider risks. |
MT005.001 | Speculative Corporate Espionage | A subject covertly collects confidential or classified information, or gains access, with the intent to sell it to a third party private organization. |
MT005.002 | Corporate Espionage | A third party private organization deploys an individual to a target organization to covertly steal confidential or classified information or gain strategic access for its own benefit. |
MT012.003 | Psychological Manipulation | A third party uses deception, exploitation, or other unethical methods to psychologically manipulate a subject over time, with the intent to influence their perceptions, actions, and decisions. This manipulation can lead the subject to, knowingly or unknowingly, act against the organization’s interests. |