Insider Risk Audit
  • Which answer best describes the industry you work in?
  • *Does your organisation have policies that protect the security of your organisational information and IT resources?

    eg. Job descriptions and employee contracts include descriptions of information security responsibilities, including implementing and maintaining policies, and protecting organisational assets, scaled for each employee position.

  • *Do specific training and education programs addressing policy and practice areas relevant to insider risk exist?
  • *Does your organisation have policies describing how to identify and respond to at-risk employees or counter-productive workplace behaviours?

    eg. Guidelines for recognising and addressing signs or symptoms that an employee is:

      • Experiencing stress
      • Engaged in interpersonal conflict
      • Guilty of technical violations
      • Susceptible to social engineering
      • Showing other signs that they may be at risk of insider violations

  • *Does your organisation have clear procedures describing access to and benefits of employee assistance programs (EAP) and other employee support services?

    eg. Services, policies and procedures to assist employees and their families with personal, psychological, financial, legal and other stressors which have been related to insider risk are in place and accessible to employees, including provisions for privacy, voluntary and involuntary referral, and referrals by others.

  • *Does your organisation conduct any type of formal one-on-one integrity testing during the recruitment stage?

    Information collected during pre-employment screening helps hiring managers make informed decisions and mitigate the risk of hiring a "problem" employee. The methods chosen to screen prospective employees will likely depend on the sensitivity of the industry and the job position.

  • *Do your organisational screening policies and practices extend to trusted 'third-party' partners?

    eg. Policies and practices related to insider risk are applied in appropriate or parallel form to all personnel working with the organisation, including contractors, subcontractors, temporary employees, clients and customers who utilise shared resources, etc.

  • *Does your organisation always verify the authenticity of government-issued documents?

    eg. Australian citizens, New Zealand citizens and Australian permanent residents are legal workers and have unlimited permission to work in Australia. Some Australian visas have work limitations, which could include not being able to work at all, or only being able to work for a certain employer or for a specific number of hours. An Australian visa holder who is not in breach of their visa conditions is also known as a legal worker.

  • *Does your organisation search overseas government records, when applicable?
  • *Does your organisation check criminal history records?
  • *Does your organisation test for illegal drug use?

    Tests can be done physically, via a questionnaire, or in a personal interview.
  • *Does your organisation perform periodic, ongoing or follow-up database checks or other investigative actions normally associated with pre-screening to ensure that continuing employees remain suitable and reliable and are not subject to compromising factors?
  • *Does your organisation utilise the services of head hunters, labour hire, recruitment firms or other placement groups?

    eg. placement firms charge a fee for supplying an organisation with employee candidates who are subsequently hired. Their income is derived from the initial placement of the employee in that position and most employees of such organisations operate on a per-head commission. The priority of these groups is, therefore, on the placement of as many individuals as possible.

  • *If Yes, to what extent do you rely on these service providers to screen candidates for risk factors associated with insider violations?
  • *After you click submit, the result you will see on the screen will be the overall risk assessment. Based on your individualised answers, we can offer you an even more detailed response. If you would like that full report, we will need your email address.