ReSeBI v1.2

Resilient Security Behavior Index

  1. General Behavior (GB)
  2. Customer Help Desk Behavior (CHDB)
  3. Data Scientist Behavior (DSB)
  4. Finance Department Behavior (FDB)
  5. Human Resource Behavior (HRB)
  6. IT Behavior (ITB)
  7. Marketing Department Behavior (MDB)
  8. Research and Development Behavior (RDB)
  9. Sales Department Behavior (SDB)
  10. Supply Chain Management Behavior (SCMB)
  11. Software Developer Behavior (SODB)

General Behavior (GB)

GB1

Secure Email Use

GB1.1 Phishing resilience

GB1.1.1

Avoids clicking on unknown links or opening mail attachments and deletes them promptly

GB1.1.2

Checks elements like email domain (the part after the “@” symbol), poor grammar or spelling mistakes, etc

GB1.1.3

Enables spam filters on email accounts to identify and filter out phishing emails

GB1.2 Secure sending

GB1.2.1

Double checks email addresses before sending

GB1.3 Attachments/Link verification

GB1.3.1

Scans attachments with an updated antivirus software before downloading it

GB1.3.2

Enables the display of file extensions on the operating system to identify potential threats

GB1.3.3

Confirms the legitimacy of the attachment with the sender before opening it

GB1.3.4

Only enables macros when opening attachments from trustworthy sources

GB1.3.5

Opens attachments only with applications specifically designed to handle these file types (e.g., opens PDF document with Adobe Acrobat)

GB1.3.6

Hovers over the link to see the actual URL destination before clicking on it

GB2

Secure Browsing Practices

GB2.1 Secure browsing

GB2.1.1

Can identify encrypted and unencrypted websites (e.g., by looking at the https lock icon)

GB2.1.2

Check for the presence of the HTTPS lock to differentiate between encrypted (HTTPS) and unencrypted (HTTP) websites

GB2.1.3

Sticks to trusted and reputable websites by verifying them carefully (typos in the URLs, etc.)

GB2.1.4

Makes credit card purchases only on trustworthy sites

GB2.1.5

Avoids clicking on suspicious pop-ups/ads/links

GB2.1.6

Does not use official SSO for personal website logins

GB2.2 Secure downloads

GB2.2.1

Downloads files only from reputable and official sources

GB2.2.2

Double checks buttons by hovering the mouse and checking the destination URL before initiating a download

GB2.2.3

Reads other user reviews for security vulnerabilities before downloading

GB3

Responsible Social Media Usage

GB3.1 Information sharing on social media

GB3.1.1

Do not share personally identifiable information and excessive information about one’s workplace on social platforms (e.g., location, contact details, etc.)

GB3.1.2

Check the accuracy of the post/message before sharing

GB3.2 Connection request evaluation

GB3.2.1

Only connects with trusted individuals and verifies their authenticity before accepting requests

GB3.3 Engaging with messages

GB3.3.1

Deletes suspicious messages or links

GB4

Responsible Device Management

GB4.1 Secure mobile device usage

GB4.1.1

Enforcing screen locks (e.g., PIN, fingerprint, or facial recognition), enabling encryption, and using security apps to safeguard device integrity

GB4.1.2

Downloading apps only from trusted sources (e.g., app stores) and reviewing app permissions before installation

GB4.1.3

Following workplace policies related to mobile device security

GB4.1.4

Ensure regular data backups

GB4.1.5

Ensure secure disposal of mobile devices

GB4.2 Secure computer usage

GB4.2.1

Adhering to computer usage policies and guidelines set by the organisation

GB4.2.2

Regularly performing system maintenance tasks such as disk cleanup, defragmentation (if applicable), and hardware checks

GB4.2.3

Protecting computers from physical theft or tampering

GB4.3 Secure IoT usage

GB4.3.1

Changes the provided default credentials immediately after setting up an IoT device

GB4.3.2

Regularly updates the firmware and software of each IoT devices

GB4.3.3

Creates separate network segments or VLANs (Virtual Local Area Network) for IoT devices

GB4.3.4

Disables IoT devices when not in use

GB4.3.5

Regularly checks and reviews permissions granted to IoT devices

GB4.3.6

Properly researches various IoT devices available in the market before purchasing one

GB5

Secure Remote Work

GB5.1 Secure Wifi usage

GB5.1.1

Avoids connecting to open or unsecured networks

GB5.1.2

Employs a strong and unique WiFi password for own networks

GB5.2 Secure VPN usage

GB5.2.1

Uses a trusted VPN service

GB5.2.2

Connects to a VPN while using an unfamiliar network

GB5.3 Secure online meetings

GB5.3.1

Double checks the participant list to verify that only intended participants are being invited to the meeting

GB5.3.2

Reviews participants using the waiting room feature before adding them to the meeting

GB5.3.3

Restricts file transfers, chat capabilities as necessary during meetings

GB5.3.4

Asks for consent before recording meetings

GB6

Secure AI/LLM Usage

GB6.1 Secure usage of research assistants (GPT)

GB6.1.1

Does not copy and paste information as it is from AI/LLM platforms

GB6.1.2

Is careful enough to not divulge highly confidential business information/personally identifiable information to AI/LLM platforms

GB6.1.3

Regularly review permissions

GB6.2 Document review

GB6.2.1

Removes personally identifiable information or sensitive data from documents before uploading them to the AI/LLM platforms

GB7

Logical Access Control

GB7.1 Access credentials management

GB7.1.1

Creates complex passwords with or without enforcement

GB7.1.2

Does not write down passwords or store in a soft copy

GB7.1.3

Creates separate passwords across accounts

GB7.1.4

Pro-actively uses a password manager

GB7.1.5

Changes password diligently when prompted by the system or application

GB7.1.6

Using encryption measures for data protection (TLS, SSL, etc.)

GB7.1.7

Opts for MFA even when it is only an option

GB7.1.8

Selects the most secure MFA option (e.g., OTP generated by app rather than SMS)

GB7.1.9

Select the SSO option for signing-in for all work-related accounts

GB7.1.10

Keeps up-to-date with SSO best practices and guidelines

GB8

Physical Access Control

GB8.1 Access card management

GB8.1.1

Stores physical access cards in secure places when not in use

GB8.1.2

Does not share own or use others’ access cards

GB8.1.3

Promptly reports lost or stolen access cards

GB8.1.4

Makes use of the appropriate channel to report lost or stolen cards

GB8.2 Secure access to facilities

GB8.2.1

Use secure and authorized methods (such as biometrics, PINs, or access cards) to authenticate identity before gaining physical access

GB8.2.2

Adhere to the escort policy, ensuring that authorized personnel accompany visitors within secure areas for compliance

GB8.2.3

A systematic approach is followed to register all visitors and issue temporary access credentials when entering secure areas

GB8.2.4

Prioritise safety by not misusing emergency exits for unauthorized access or exit, enhancing safety protocols

GB8.2.5

Lock office doors, filing cabinets, or other secure areas when they are not in use, especially in shared or open spaces

GB8.2.6

Ensure that all security cameras and surveillance systems are operational and avoid tampering with it

GB9

Secure Information Management

GB9.1 Information categorization

GB9.1.1

Classify information based on its sensitivity

GB9.2 Information permissions

GB9.2.1

Sets appropriate file permissions and access levels for documents and folders

GB9.2.2

Double-checks to ensure that the correct file permissions are enabled before sharing the files or folders with others

GB9.3 Information sharing

GB9.3.1

Checks recipient addresses before sending files

GB9.3.2

Uses strong passwords to secure the file sharing account

GB9.3.3

Uses only company approved information sharing channels

GB10

Choosing Third-Party Services

GB10.1 Vendor evaluation

GB10.1.1

Evaluating and assessing potential vendors

GB10.2 Secure software installation

GB10.2.1

Avoids downloading software from third-party websites or unverified sources

GB10.2.2

Reads permissions or privileges requested by software to asses whether it aligns with its intended functionality

GB10.2.3

Carefully reviews installation prompts and deselects the optional software

GB10.2.4

Conduct a thorough assessment of the vendor’s reputation, security practices, and track record

GB10.2.5

Ensure that vendor contracts include clear security obligations and service level agreements (SLAs)

GB10.3 Software security check

GB10.3.1

Updating, maintaining, and upgrading software to ensure it functions correctly

GB11

Incident Management

GB11.1 Incident detection

GB11.1.1

Establishes baseline behaviors and uses anomaly detection mechanisms to identify deviations

GB11.1.2

Conducts periodic vulnerability assesments and addresses the identified vulnerabilities promptly

GB11.1.3

Identify signs of threats like deepfake, vishing, smishing etc

GB11.2 Incident classification

GB11.2.1

Categorise incidents based on their impact and potential harm

GB11.2.2

Inform IT, security team, and management, about the incident’s classification and severity

GB11.3 Incident reporting

GB11.3.1

Establishes a well-defined process for reporting security incidents within the organization

GB11.3.2

Promptly report security incidents to the IT/Security team

GB11.3.3

Opens multiple incident reporting channels

GB11.4 Incident containment

GB11.4.1

Isolating affected systems or networks to prevent further spread of the threat

GB11.4.2

Address vulnerabilities that may have been exploited by the attacker to prevent reinfection

GB12

Data Privacy

GB12.1 Secure data handling

GB12.1.1

Handle data according to the organizational policies

GB12.2 Incident classification

GB12.2.1

Ensure data subject rights such as the right to access correct or delete their personal data

GB12.3 Data protection and privacy compliance

GB12.3.1

Consistently adheres to data protection laws and regulations, including GDPR, PDPA, and other relevant legislation

GB12.3.2

Adhere to regulatory guidelines for complaint resolution

GB12.3.3

Regularly conducts privacy impact assessments and updates data protection policies

GB12.4 Legal compliance and reporting

GB12.4.1

Proactively identify, report, and address any potential legal compliance issues or violations to the appropriate authority or compliance officer as required by law

GB13

Data Governance and Ethics

GB13.1 Adherence to guidelines

GB13.1.1

Complies to data privacy rules and regulations of the land when working with sensitive data

GB13.1.2

Follow organization protocol for software installation, pilot test, etc.

GB13.2 Ethical data use

GB13.2.1

Avoids introducing biases into data processing, ensuring fairness and objectivity in decision-making

GB13.2.2

Is transparent about how data is used and ensures the data use aligns with ethical standards

GB14

Information Validation

GB14.1 Credibility check

GB14.1.1

Cross-checks multiple reliable sources to verify information credibility

GB14.1.2

Contacts official channels for information related to organizations or government entities to verify its authenticity

GB14.2 Secure online research

GB14.2.1

Looks for verifiable data, credible research, and reliable sources cited within the information

GB14.2.2

Pays attention to timestamps of articles, posts, videos to ensure the information is relevant

Customer Help Desk Behavior (CHDB)

CHDB1

Enquiry Response

CHDB1.1 Customer identity verification

CHDB1.1.1

Establishes a streamlined process to verify the identities of customers before disclosing sensitive information

CHDB1.2 Secure customer communication

CHDB1.2.1

Establishes customer portals that uses strong encryption methods to protect customer data

CHDB2

Technical Support

CHDB2.1 Secure remote access

CHDB2.1.1

Regularly reviews and revokes remote access privileges when they are no longer needed

CHDB3

Record Maintenance

CHDB3.1 User permissions

CHDB3.1.1

Ensures that employees only have access to customer records required for their specific roles

CHDB3.2 Monitoring audit logs

CHDB3.2.1

Implements monitoring mechanisms to track access to customer records

Data Scientist Behavior (DSB)

DSB1

Secure Data Mining

DSB1.1 Secure data preparation

DSB1.1.1

Collects data in accordance with data privacy laws and takes appropriate measures to protect personally identifiable data (masking, anonymization)

DSB1.1.2

Maintains up-to-date antivirus software, firewalls and other security measures to protect data

DSB1.1.3

Performs checks for missing values, outliers or inconsistencies in data

DSB1.1.4

Works solely with necessary variables relevant to current analysis or modeling

DSB2

Secure A/B Testing

DSB2.1 Obtaining participant consent

DSB2.1.1

Communicates clearly the purpose of testing, data collected and any potential risks that might be involved

DSB2.2 Secure storage of testing data

DSB2.2.1

Stores data in encrypted databases or file systems

DSB2.2.2

Uses cryptographic techniques such as digital signature or hash functions to identify unauthorized tampering of data

DSB2.2.3

Minimizes the collection of sensitive or unnecessary information to reduce potential risks

Finance Department Behavior (FDB)

FDB1

Secure Accounting Practices

FDB1.1 Secure record keeping

FDB1.1.1

Follows a regular backup schedule for all financial records, including electronic files and paper documents

FDB1.1.2

Stores or deletes records in accordance with organization’s record-keeping policy

FDB1.1.3

Implements record integrity checks to detect and prevent unauthorized record alterations

FDB1.1.4

Limits access to the record preparation and storage software to authorized personnel only

Human Resource Behavior (HRB)

HRB1

Recruitment

HRB1.1 Secure candidate data collection

HRB1.1.1

Collects only absolutely necessary information required for the selection process

HRB1.2 Candidate data protection

HRB1.2.1

Stores candidate data securely through the lawful retention period

HRB1.2.2

Limits candidate data access to authorized personnel only

HRB1.2.3

Transmits recruitment data as password-protected documents

HRB1.2.4

Use strict access controls and encryption

HRB1.3 Candidate data archiving and retention

HRB1.3.1

Classifies candidate data based on organizational guidelines

HRB1.3.2

Explains data retention and obtains consent from the departing employeeClassifies candidate data based on organizational guidelines

HRB1.3.3

Adheres to privacy laws for data retention, storage, or deletion

HRB1.4 Secure candidate data deletion

HRB1.4.1

Uses secure data deletion methods to permanently erase candidate data

HRB1.4.2

Ensures candidate data removal to prevent unintended restoration or duplication

HRB2

Secure Employee Onboarding

HRB2.1 Ensure secure onboarding

HRB2.1.1

Ensure the signing of confidentiality agreements

HRB2.1.2

Conduct background verification

HRB3

Employee Data Management

HRB3.1 Mandatory record protection

HRB3.1.1

Secures employee data backups on cloud platforms and regularly tests restoration

HRB3.2 Maintaining employee performance and official records

HRB3.2.1

Standardizes record-keeping practices across the organization

HRB3.2.2

Verifies up-to-date and lawful employee record maintenance

HRB3.3 Facilitate employee training programs

HRB3.3.1

Ensures that all employees have attended mandatory cybersecurity training

HRB3.3.2

Sends reminders to employees to complete mandatory cybersecurity trainings on time

HRB3.3.3

Initiate disciplinary actions for cybersecurity violation

HRB4

Secure Employee Offboarding

HRB4.1 Ensure secure offboarding

HRB4.1.1

Promptly revokes access for an employee upon their exit

HRB4.1.2

Retreives company issued devices, access cards etc from the departing employee

HRB4.1.3

Reminds exiting employees of sticking to their confidentiality and non-disclosure obligations

HRB4.1.4

Conveys key details on departure, access termination, and data-handling instructions for knowledge transfer (Exit interview)

IT Behavior (ITB)

ITB1

Secure Network Management

ITB1.1 Secure patch management

ITB1.1.1

Follows a regular patching schedule to ensure that updates are made promptly

ITB1.1.2

Properly tracks and documents patch deployments

ITB1.1.3

Works closely with system owners and admins to ensure that their respective devices are patched in a timely manner

ITB1.2 Network segmentation

ITB1.2.1

Identifies and categorizes systems based on sensitivity

ITB1.2.2

Periodically reviews and updates network segmentation policies

HRB1.2.3

Clearly defines and enforces access controls for each network segment

ITB1.3 Ensure endpoint security

ITB1.3.1

Implements application whitelisting to allow only authorized applications to run on endpoints

ITB1.3.2

Isolates compromised endpoints from the network in the event of a network breach to prevent malware spread and limit damage

ITB1.4 Firewall configuration

ITB1.4.1

Clearly defines and documents firewall policies that align with the organization’s security requirements

ITB1.4.2

Conducts penetration testing and security assessments to identify and address vulnerabilities in the firewall configuration

ITB1.4.3

Regularly monitors firewall logs to detect and respond to suspicious behavior

ITB2

Secure System Administration

ITB2.1 User account management

ITB2.1.1

Implements a comprehensive user account lifecycle management process that includes account creation, modification, and timely deactivation when an employee leaves or changes roles

ITB2.1.2

Monitors user account activities to detect suspicious behavior

ITB2.1.3

Implements account lockout policies to protect against brute force attacks

ITB2.2 Secure documentation

ITB2.2.1

Uses version control systems to manage changes to documents

Marketing Department Behavior (MDB)

MDB1

Market Research

MDB1.1 Secure survey forms

MDB1.1.1

Uses secure protocols to encrypt online survey forms

MDB1.2 Data scrubbing and aggregation

MDB1.2.1

Removes direct identifiers and combines data in such a way that individuals cannot be identified

MDB1.3 Vendor due diligence

MDB1.3.1

Conducts thorough due diligence to assess the cybersecurity practices of third-party vendors

MDB2

Branding and Positioning

MDB2.1 Secure brand assets

MDB2.1.1

Protects brand assets by implementing measures like strong access controls, watermarking etc

MDB2.2 Secure websites

MDB2.2.1

Implements SSL/TLS certificates in websites to encrypt communication between users and the site

MDB2.2.2

Regularly updates and patches website’s software and plugins to address vulnerabilities

MDB2.3 Secure domain name

MDB2.3.1

Enables domain locking and uses strong registrar account passwords

MDB2.3.2

Regularly reviews and renews domain registrations to avoid expiration and potential unauthorized acquisitions

MDB3

Advertising and Promotion

MDB3.1 Secure ad platforms

MDB3.1.1

Uses strongly secured ad platforms to manage campaign data

MDB3.1.2

Implements strong , unique passwords and enables two factor authentication wherever possible

MDB4

Marketing Communications

MDB4.1 Secure media relations

MDB4.1.1

Shares information with media outlets only after verifying the authenticity of media contacts

MDB4.1.2

Clearly defines and sets internal protocols for media engagement to ensure that only authorized personnel communicate with media

Research and Development Behavior (RDB)

RDB1

Secure Intellectual Property Management

RDB1.1 Patent filings

RDB1.1.1

Maintains a secure record of the invention’s development process, iterations, details of all contributors and any other relevant information

RDB1.1.2

Ensures that external parties such as patent agents or attorneys sign non disclosure agreements when sharing invention details with them

RDB1.1.3

Avoids public disclosures of the invention before filing a patent application

RDB2

Secure Research and Analysis

RDB2.1 Secure research practices

RDB2.1.1

Uses only trusted research tools and services

RDB2.1.2

Ensures that all devices used for research are equipped with up-to-date antivirus software

RDB2.1.3

Discusses sensitive research matters only through secure and organization approved communication channels

Sales Department Behavior (SDB)

SDB1

Lead Generation

SDB1.1 Secure prospecting

SDB1.1.1

Uses only trusted data sources for obtaining prospect information (e.g., reading online reviews, checking whether these sources adhere to privacy laws, exploring data from industry-specific associations, asking for referrals from trusted contacts who have experience with using data sources for prospect information, etc)

SDB1.1.2

Communicate with prospects using secure communication channels that use end-to-end encryption (e.g., encrypted emails, secure communication channels like Microsoft Teams, Cisco Webex etc)

SDB1.1.3

Obtains consent from prospects before collecting data and handles them in a compliant manner

SDB1.2 Secure demos and presentations

SDB1.2.1

Uses mock data or anonymizes information whenever possible during presentation

SDB1.2.2

Avoids showing sensitive or confidential business data during presentations or demos

SDB1.2.3

Uses strong protection methods to secure devices used for presentations or demos (e.g., disk encryption, strong passwords, anti-malware software etc)

SDB1.3 Secure negotiations

SDB1.3.1

Ensures that non-disclosure agreements are signed by both parties (organization and prospects) involved in the negotiation before sharing confidential data

SDB1.3.2

Uses file-sharing platforms that help control who can access, download and modify negotiation-related data (e.g., Intralinks, Onehub, Box etc)

SDB2

Customer Relationship Management

SDB2.1 Data entry

SDB2.1.1

Avoids including sensitive or personal data that is not required for the sales or customer relationship management process

SDB2.1.2

Double checks the accuracy of data entered into the CRM platform

SDB2.1.3

Always logs out of the CRM platform when data entry tasks have been finished

SDB2.2 Reporting and analysis

SDB2.2.1

Restricts access to reporting and analysis features only to authorized personnel

SDB2.2.2

Implements data encryption during transit to prevent unauthorized access or interception

Supply Chain Management Behavior (SCMB)

SCMB1

Secure Inventory Management

SCMB1.1 Secure inventory tracking

SCMB1.1.1

Accurately records all inventory transactions in the tracking system

SCMB1.1.2

Secures inventory storage areas with physical security measures, including access controls, surveillance cameras and alarms

SCMB1.1.3

Implements audit logs to monitor and track who accesses inventory data and when

SCMB2

Secure Procurement Process

SCMB2.1 Digital signature verification

SCMB2.1.1

Ensure that the digital signature for contracts, purchase orders and delivery confirmations comes from the authorised person

SCMB2.1.2

Checks for any signs of the document being altered after the signature was applied

SCMB2.1.3

Ensures there is a trusted timestamp on the digital signature to ensure it was applied at a specific, verifiable time

SCMB2.1.4

Check that the digital certificate used to sign the document is currently valid and has not expired or been revoked

SCMB2.1.5

The signed document is transmitted over secure, encrypted channels (such as HTTPS) to prevent interception or tampering during transit

SCMB2.1.6

The recipient verifies that the signed document is the latest version and checks for any subsequent changes

Software Developer Behavior (SODB)

SODB1

Secure Coding Practices

SODB1.1 Safe input validation

SODB1.1.1

Validates inputs against a defined set of allowed values (using whitelists)

SODB1.1.2

Applies length restrictions on input fields to prevent buffer overflows and excessive data submission

SODB1.1.3

Consistently uses trusted input validation libraries and frameworks rather than writing custom validation code

SODB1.1.4

Ensures that all input is validated on the server side and not just the client side

SODB1.1.5

Ensures that the application handles invalid or malicious input gracefully, without crashing or revealing sensitive system information

SODB1.1.6

When integrating with external systems or third-party services, input data is validated to ensure it meets internal security requirements

SODB1.1.7

Regularly reviews logs for patterns of invalid input attempts

SODB1.1.8

Validates each step for multi-step or dependent inputs to ensure data integrity at every stage

SODB1.2 Secure error handling

SODB1.2.1

Ensures that error messages do not include detailed technical information that reveals internal logic or infrastructure details

SODB1.2.2

Ensures that detailed error information logged internally for debugging purposes is stored in a secure, access-controlled environment

SODB1.2.3

Implement checks to sanitize error logs to avoid capturing sensitive data

SODB1.2.4

Uses a centralized error handling mechanism to ensure consistent behavior across the application when errors occur

SODB1.2.5

Limits the amount of information provided in production error logs compared to development environments

SODB1.2.6

Logs errors related to security events with detailed information and flags them for further investigation

SODB1.3 Secure code reviews

SODB1.3.1

Actively checks for common security vulnerabilities such as those listed in the OWASP Top 10

SODB1.3.2

Ensures that the code adheres to proper business logic

SODB1.3.3

Ensures that all inputs are properly validated and sanitized

SODB1.3.4

Ensure that the code follows the principle of least privilege

SODB1.3.5

Checks whether unnecessary or untrusted libraries are included in the project to minimize the attack surface

SODB1.3.6

Ensures code simplicity to reduce the chances of introducing vulnerabilities due to complexity or unclear logic

SODB1.3.7

Ensures that critical sections of code are well-documented and contain comments that explain the security considerations involved

SODB1.3.8

Ensures that the code is reviewed against a predefined security checklist or framework

SODB1.3.9

Engage multiple reviewers to review critical code sections to ensure no vulnerabilities are overlooked

SODB2

Secure Management of Dependencies and Third-Party Libraries

SODB2.1 Secure dependency updation

SODB2.1.1

Routinely check for and apply updates to dependencies

SODB2.1.2

Specifies dependency versions in configuration files to avoid unintended updates that might introduce vulnerabilities

SODB2.1.3

Only downloads dependencies from reputable sources

SODB2.1.4

Configures builds to fail or raise alerts when vulnerabilities are detected in dependencies

SODB2.1.5

Checks the license of dependencies to ensure compliance with legal and organizational policies

SODB2.1.6

Maintains documentation of all dependency updates

SODB2.2 Secure maintenance of third-party libraries

SODB2.2.1

Conducts routine scans of third-party libraries to ensure that libraries’ licenses have not changed

SODB2.2.2

Maintain an up-to-date list of all third-party libraries used in the project, along with their versions and security status