Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AT-01.2: The organisation shall include insider threat awareness and reporting in its cyber- security training to help personnel recognise and respond to potential internal risks. |
|
PR.AT-01.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p105 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p75 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that all personnel are trained to recognise and report potential insider threats, thereby reducing the risk of internal cybersecurity incidents. This control builds on the general awareness from PR.AT-01.1 by introducing specific threat scenarios and response actions. The implementation should consider: - Training should include how to recognise behavioural signs of insiderthreats, such as unusual access patterns, data hoarding, or sudden changes in behaviour. - The organisation should define insider threats clearly (e.g. malicious, negligent, or compromised insiders, including employees and contractors). - Staff should be trained on how and where to report suspicious activity, and why timely reporting matters. - Real-life case studies or simulations should be used to show the impact of insider threats and reinforce learning. - Insider threat awareness should be part of regular security training and onboarding for all staff. - Specialised training should be provided to staff with access to sensitive data or systems, focusing on their specific responsibilities. - Cross-functional teams-training should be developed with both IT security and OT operational expertise (Cross-Training). - Annual refresher training should be used to reinforce key messages and introduce updates. - The organisation should promote a culture of securitywhere employees feel safe to report concerns without fear of retaliation. |
|
A general note, for any purpose. |
The goal of this control is to ensure that all personnel are trained to recognise and report potential insider threats, thereby reducing the risk of internal cybersecurity incidents. This control builds on the general awareness from PR.AT-01.1 by introducing specific threat scenarios and response actions. The implementation should consider: - Training should include how to recognise behavioural signs of insiderthreats, such as unusual access patterns, data hoarding, or sudden changes in behaviour. - The organisation should define insider threats clearly (e.g. malicious, negligent, or compromised insiders, including employees and contractors). - Staff should be trained on how and where to report suspicious activity, and why timely reporting matters. - Real-life case studies or simulations should be used to show the impact of insider threats and reinforce learning. - Insider threat awareness should be part of regular security training and onboarding for all staff. - Specialised training should be provided to staff with access to sensitive data or systems, focusing on their specific responsibilities. - Cross-functional teams-training should be developed with both IT security and OT operational expertise (Cross-Training). - Annual refresher training should be used to reinforce key messages and introduce updates. - The organisation should promote a culture of securitywhere employees feel safe to report concerns without fear of retaliation. |
|
A general note, for any purpose. |
The goal of this control is to ensure that all personnel are trained to recognise and report potential insider threats, thereby reducing the risk of internal cybersecurity incidents. This control builds on the general awareness from PR.AT-01.1 by introducing specific threat scenarios and response actions. The implementation should consider: • Training should include how to recognise behavioural signs of insiderthreats, such as unusual access patterns, data hoarding, or sudden changes in behaviour. • The organisation should define insider threats clearly (e.g. malicious, negligent, or compromised insiders, including employees and contractors). • Staff should be trained on how and where to report suspicious activity, and why timely reporting matters. • Real-life case studies or simulations should be used to show the impact of insider threats and reinforce learning. • Insider threat awareness should be part of regular security training and onboarding for all staff. • Specialised training should be provided to staff with access to sensitive data or systems, focusing on their specific responsibilities. • Cross-functional teams-training should be developed with both IT security and OT operational expertise (Cross-Training). • Annual refresher training should be used to reinforce key messages and introduce updates. • The organisation should promote a culture of securitywhere employees feel safe to report concerns without fear of retaliation. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that all personnel are trained to recognise and report potential insider threats, thereby reducing the risk of internal cybersecurity incidents. This control builds on the general awareness from PR.AT-01.1 by introducing specific threat scenarios and response actions. The implementation should consider:</p><ul><li>Training should include how to recognise behavioural signs of insiderthreats, such as unusual access patterns, data hoarding, or sudden changes in behaviour.</li><li>The organisation should define insider threats clearly (e.g. malicious, negligent, or compromised insiders, including employees and contractors).</li><li>Staff should be trained on how and where to report suspicious activity, and why timely reporting matters.</li><li>Real-life case studies or simulations should be used to show the impact of insider threats and reinforce learning.</li><li>Insider threat awareness should be part of regular security training and onboarding for all staff.</li><li>Specialised training should be provided to staff with access to sensitive data or systems, focusing on their specific responsibilities.</li><li>Cross-functional teams-training should be developed with both IT security and OT operational expertise (Cross-Training).</li><li>Annual refresher training should be used to reinforce key messages and introduce updates.</li><li>The organisation should promote a culture of securitywhere employees feel safe to report concerns without fear of retaliation.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AT-01.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Insider threat awareness training |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall include insider threat awareness and reporting in its cyber- security training to help personnel recognise and respond to potential internal risks. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1