1.3 Entity Employees
“The first line of defense from insider threats is the employees themselves.” – Software Engineering Institute (SEI)
Stakeholders expect managerial personnel to run the entity in accordance with accepted business practices, while maintaining compliance with applicable laws and regulations. An appropriate managerial tone should be established and communicated throughout the entity, including explicit moral guidance regarding expected behavior. For IAP, the onus certainly resides with the entity to take adequate precautions when employing individuals and to ensure that, regardless of motive, individuals are reasonably prevented from abusing IT resources.