ReSeBI v1.2
Resilient Security Behavior Index
General Behavior (GB)
GB1
Secure Email Use
GB1.1 Phishing resilience
GB1.1.1
Avoids clicking on unknown links or opening mail attachments and deletes them promptly
GB1.1.2
Checks elements like email domain (the part after the “@” symbol), poor grammar or spelling mistakes, etc
GB1.1.3
Enables spam filters on email accounts to identify and filter out phishing emails
GB1.2 Secure sending
GB1.2.1
Double checks email addresses before sending
GB1.3 Attachments/Link verification
GB1.3.1
Scans attachments with an updated antivirus software before downloading it
GB1.3.2
Enables the display of file extensions on the operating system to identify potential threats
GB1.3.3
Confirms the legitimacy of the attachment with the sender before opening it
GB1.3.4
Only enables macros when opening attachments from trustworthy sources
GB1.3.5
Opens attachments only with applications specifically designed to handle these file types (e.g., opens PDF document with Adobe Acrobat)
GB1.3.6
Hovers over the link to see the actual URL destination before clicking on it
GB2
Secure Browsing Practices
GB2.1 Secure browsing
GB2.1.1
Can identify encrypted and unencrypted websites (e.g., by looking at the https lock icon)
GB2.1.2
Check for the presence of the HTTPS lock to differentiate between encrypted (HTTPS) and unencrypted (HTTP) websites
GB2.1.3
Sticks to trusted and reputable websites by verifying them carefully (typos in the URLs, etc.)
GB2.1.4
Makes credit card purchases only on trustworthy sites
GB2.1.5
Avoids clicking on suspicious pop-ups/ads/links
GB2.1.6
Does not use official SSO for personal website logins
GB2.2 Secure downloads
GB2.2.1
Downloads files only from reputable and official sources
GB2.2.2
Double checks buttons by hovering the mouse and checking the destination URL before initiating a download
GB2.2.3
Reads other user reviews for security vulnerabilities before downloading
GB3
Responsible Social Media Usage
GB3.1 Information sharing on social media
GB3.1.1
Do not share personally identifiable information and excessive information about one’s workplace on social platforms (e.g., location, contact details, etc.)
GB3.1.2
Check the accuracy of the post/message before sharing
GB3.2 Connection request evaluation
GB3.2.1
Only connects with trusted individuals and verifies their authenticity before accepting requests
GB3.3 Engaging with messages
GB3.3.1
Deletes suspicious messages or links
GB4
Responsible Device Management
GB4.1 Secure mobile device usage
GB4.1.1
Enforcing screen locks (e.g., PIN, fingerprint, or facial recognition), enabling encryption, and using security apps to safeguard device integrity
GB4.1.2
Downloading apps only from trusted sources (e.g., app stores) and reviewing app permissions before installation
GB4.1.3
Following workplace policies related to mobile device security
GB4.1.4
Ensure regular data backups
GB4.1.5
Ensure secure disposal of mobile devices
GB4.2 Secure computer usage
GB4.2.1
Adhering to computer usage policies and guidelines set by the organisation
GB4.2.2
Regularly performing system maintenance tasks such as disk cleanup, defragmentation (if applicable), and hardware checks
GB4.2.3
Protecting computers from physical theft or tampering
GB4.3 Secure IoT usage
GB4.3.1
Changes the provided default credentials immediately after setting up an IoT device
GB4.3.2
Regularly updates the firmware and software of each IoT devices
GB4.3.3
Creates separate network segments or VLANs (Virtual Local Area Network) for IoT devices
GB4.3.4
Disables IoT devices when not in use
GB4.3.5
Regularly checks and reviews permissions granted to IoT devices
GB4.3.6
Properly researches various IoT devices available in the market before purchasing one
GB5
Secure Remote Work
GB5.1 Secure Wifi usage
GB5.1.1
Avoids connecting to open or unsecured networks
GB5.1.2
Employs a strong and unique WiFi password for own networks
GB5.2 Secure VPN usage
GB5.2.1
Uses a trusted VPN service
GB5.2.2
Connects to a VPN while using an unfamiliar network
GB5.3 Secure online meetings
GB5.3.1
Double checks the participant list to verify that only intended participants are being invited to the meeting
GB5.3.2
Reviews participants using the waiting room feature before adding them to the meeting
GB5.3.3
Restricts file transfers, chat capabilities as necessary during meetings
GB5.3.4
Asks for consent before recording meetings
GB6
Secure AI/LLM Usage
GB6.1 Secure usage of research assistants (GPT)
GB6.1.1
Does not copy and paste information as it is from AI/LLM platforms
GB6.1.2
Is careful enough to not divulge highly confidential business information/personally identifiable information to AI/LLM platforms
GB6.1.3
Regularly review permissions
GB6.2 Document review
GB6.2.1
Removes personally identifiable information or sensitive data from documents before uploading them to the AI/LLM platforms
GB7
Logical Access Control
GB7.1 Access credentials management
GB7.1.1
Creates complex passwords with or without enforcement
GB7.1.2
Does not write down passwords or store in a soft copy
GB7.1.3
Creates separate passwords across accounts
GB7.1.4
Pro-actively uses a password manager
GB7.1.5
Changes password diligently when prompted by the system or application
GB7.1.6
Using encryption measures for data protection (TLS, SSL, etc.)
GB7.1.7
Opts for MFA even when it is only an option
GB7.1.8
Selects the most secure MFA option (e.g., OTP generated by app rather than SMS)
GB7.1.9
Select the SSO option for signing-in for all work-related accounts
GB7.1.10
Keeps up-to-date with SSO best practices and guidelines
GB8
Physical Access Control
GB8.1 Access card management
GB8.1.1
Stores physical access cards in secure places when not in use
GB8.1.2
Does not share own or use others’ access cards
GB8.1.3
Promptly reports lost or stolen access cards
GB8.1.4
Makes use of the appropriate channel to report lost or stolen cards
GB8.2 Secure access to facilities
GB8.2.1
Use secure and authorized methods (such as biometrics, PINs, or access cards) to authenticate identity before gaining physical access
GB8.2.2
Adhere to the escort policy, ensuring that authorized personnel accompany visitors within secure areas for compliance
GB8.2.3
A systematic approach is followed to register all visitors and issue temporary access credentials when entering secure areas
GB8.2.4
Prioritise safety by not misusing emergency exits for unauthorized access or exit, enhancing safety protocols
GB8.2.5
Lock office doors, filing cabinets, or other secure areas when they are not in use, especially in shared or open spaces
GB8.2.6
Ensure that all security cameras and surveillance systems are operational and avoid tampering with it
GB9
Secure Information Management
GB9.1 Information categorization
GB9.1.1
Classify information based on its sensitivity
GB9.2 Information permissions
GB9.2.1
Sets appropriate file permissions and access levels for documents and folders
GB9.2.2
Double-checks to ensure that the correct file permissions are enabled before sharing the files or folders with others
GB9.3 Information sharing
GB9.3.1
Checks recipient addresses before sending files
GB9.3.2
Uses strong passwords to secure the file sharing account
GB9.3.3
Uses only company approved information sharing channels
GB10
Choosing Third-Party Services
GB10.1 Vendor evaluation
GB10.1.1
Evaluating and assessing potential vendors
GB10.2 Secure software installation
GB10.2.1
Avoids downloading software from third-party websites or unverified sources
GB10.2.2
Reads permissions or privileges requested by software to asses whether it aligns with its intended functionality
GB10.2.3
Carefully reviews installation prompts and deselects the optional software
GB10.2.4
Conduct a thorough assessment of the vendor’s reputation, security practices, and track record
GB10.2.5
Ensure that vendor contracts include clear security obligations and service level agreements (SLAs)
GB10.3 Software security check
GB10.3.1
Updating, maintaining, and upgrading software to ensure it functions correctly
GB11
Incident Management
GB11.1 Incident detection
GB11.1.1
Establishes baseline behaviors and uses anomaly detection mechanisms to identify deviations
GB11.1.2
Conducts periodic vulnerability assesments and addresses the identified vulnerabilities promptly
GB11.1.3
Identify signs of threats like deepfake, vishing, smishing etc
GB11.2 Incident classification
GB11.2.1
Categorise incidents based on their impact and potential harm
GB11.2.2
Inform IT, security team, and management, about the incident’s classification and severity
GB11.3 Incident reporting
GB11.3.1
Establishes a well-defined process for reporting security incidents within the organization
GB11.3.2
Promptly report security incidents to the IT/Security team
GB11.3.3
Opens multiple incident reporting channels
GB11.4 Incident containment
GB11.4.1
Isolating affected systems or networks to prevent further spread of the threat
GB11.4.2
Address vulnerabilities that may have been exploited by the attacker to prevent reinfection
GB12
Data Privacy
GB12.1 Secure data handling
GB12.1.1
Handle data according to the organizational policies
GB12.2 Incident classification
GB12.2.1
Ensure data subject rights such as the right to access correct or delete their personal data
GB12.3 Data protection and privacy compliance
GB12.3.1
Consistently adheres to data protection laws and regulations, including GDPR, PDPA, and other relevant legislation
GB12.3.2
Adhere to regulatory guidelines for complaint resolution
GB12.3.3
Regularly conducts privacy impact assessments and updates data protection policies
GB12.4 Legal compliance and reporting
GB12.4.1
Proactively identify, report, and address any potential legal compliance issues or violations to the appropriate authority or compliance officer as required by law
GB13
Data Governance and Ethics
GB13.1 Adherence to guidelines
GB13.1.1
Complies to data privacy rules and regulations of the land when working with sensitive data
GB13.1.2
Follow organization protocol for software installation, pilot test, etc.
GB13.2 Ethical data use
GB13.2.1
Avoids introducing biases into data processing, ensuring fairness and objectivity in decision-making
GB13.2.2
Is transparent about how data is used and ensures the data use aligns with ethical standards
GB14
Information Validation
GB14.1 Credibility check
GB14.1.1
Cross-checks multiple reliable sources to verify information credibility
GB14.1.2
Contacts official channels for information related to organizations or government entities to verify its authenticity
GB14.2 Secure online research
GB14.2.1
Looks for verifiable data, credible research, and reliable sources cited within the information
GB14.2.2
Pays attention to timestamps of articles, posts, videos to ensure the information is relevant
Customer Help Desk Behavior (CHDB)
CHDB1
Enquiry Response
CHDB1.1 Customer identity verification
CHDB1.1.1
Establishes a streamlined process to verify the identities of customers before disclosing sensitive information
CHDB1.2 Secure customer communication
CHDB1.2.1
Establishes customer portals that uses strong encryption methods to protect customer data
CHDB2
Technical Support
CHDB2.1 Secure remote access
CHDB2.1.1
Regularly reviews and revokes remote access privileges when they are no longer needed
CHDB3
Record Maintenance
CHDB3.1 User permissions
CHDB3.1.1
Ensures that employees only have access to customer records required for their specific roles
CHDB3.2 Monitoring audit logs
CHDB3.2.1
Implements monitoring mechanisms to track access to customer records
Data Scientist Behavior (DSB)
DSB1
Secure Data Mining
DSB1.1 Secure data preparation
DSB1.1.1
Collects data in accordance with data privacy laws and takes appropriate measures to protect personally identifiable data (masking, anonymization)
DSB1.1.2
Maintains up-to-date antivirus software, firewalls and other security measures to protect data
DSB1.1.3
Performs checks for missing values, outliers or inconsistencies in data
DSB1.1.4
Works solely with necessary variables relevant to current analysis or modeling
DSB2
Secure A/B Testing
DSB2.1 Obtaining participant consent
DSB2.1.1
Communicates clearly the purpose of testing, data collected and any potential risks that might be involved
DSB2.2 Secure storage of testing data
DSB2.2.1
Stores data in encrypted databases or file systems
DSB2.2.2
Uses cryptographic techniques such as digital signature or hash functions to identify unauthorized tampering of data
DSB2.2.3
Minimizes the collection of sensitive or unnecessary information to reduce potential risks
Finance Department Behavior (FDB)
FDB1
Secure Accounting Practices
FDB1.1 Secure record keeping
FDB1.1.1
Follows a regular backup schedule for all financial records, including electronic files and paper documents
FDB1.1.2
Stores or deletes records in accordance with organization’s record-keeping policy
FDB1.1.3
Implements record integrity checks to detect and prevent unauthorized record alterations
FDB1.1.4
Limits access to the record preparation and storage software to authorized personnel only
Human Resource Behavior (HRB)
HRB1
Recruitment
HRB1.1 Secure candidate data collection
HRB1.1.1
Collects only absolutely necessary information required for the selection process
HRB1.2 Candidate data protection
HRB1.2.1
Stores candidate data securely through the lawful retention period
HRB1.2.2
Limits candidate data access to authorized personnel only
HRB1.2.3
Transmits recruitment data as password-protected documents
HRB1.2.4
Use strict access controls and encryption
HRB1.3 Candidate data archiving and retention
HRB1.3.1
Classifies candidate data based on organizational guidelines
HRB1.3.2
Explains data retention and obtains consent from the departing employeeClassifies candidate data based on organizational guidelines
HRB1.3.3
Adheres to privacy laws for data retention, storage, or deletion
HRB1.4 Secure candidate data deletion
HRB1.4.1
Uses secure data deletion methods to permanently erase candidate data
HRB1.4.2
Ensures candidate data removal to prevent unintended restoration or duplication
HRB2
Secure Employee Onboarding
HRB2.1 Ensure secure onboarding
HRB2.1.1
Ensure the signing of confidentiality agreements
HRB2.1.2
Conduct background verification
HRB3
Employee Data Management
HRB3.1 Mandatory record protection
HRB3.1.1
Secures employee data backups on cloud platforms and regularly tests restoration
HRB3.2 Maintaining employee performance and official records
HRB3.2.1
Standardizes record-keeping practices across the organization
HRB3.2.2
Verifies up-to-date and lawful employee record maintenance
HRB3.3 Facilitate employee training programs
HRB3.3.1
Ensures that all employees have attended mandatory cybersecurity training
HRB3.3.2
Sends reminders to employees to complete mandatory cybersecurity trainings on time
HRB3.3.3
Initiate disciplinary actions for cybersecurity violation
HRB4
Secure Employee Offboarding
HRB4.1 Ensure secure offboarding
HRB4.1.1
Promptly revokes access for an employee upon their exit
HRB4.1.2
Retreives company issued devices, access cards etc from the departing employee
HRB4.1.3
Reminds exiting employees of sticking to their confidentiality and non-disclosure obligations
HRB4.1.4
Conveys key details on departure, access termination, and data-handling instructions for knowledge transfer (Exit interview)
IT Behavior (ITB)
ITB1
Secure Network Management
ITB1.1 Secure patch management
ITB1.1.1
Follows a regular patching schedule to ensure that updates are made promptly
ITB1.1.2
Properly tracks and documents patch deployments
ITB1.1.3
Works closely with system owners and admins to ensure that their respective devices are patched in a timely manner
ITB1.2 Network segmentation
ITB1.2.1
Identifies and categorizes systems based on sensitivity
ITB1.2.2
Periodically reviews and updates network segmentation policies
HRB1.2.3
Clearly defines and enforces access controls for each network segment
ITB1.3 Ensure endpoint security
ITB1.3.1
Implements application whitelisting to allow only authorized applications to run on endpoints
ITB1.3.2
Isolates compromised endpoints from the network in the event of a network breach to prevent malware spread and limit damage
ITB1.4 Firewall configuration
ITB1.4.1
Clearly defines and documents firewall policies that align with the organization’s security requirements
ITB1.4.2
Conducts penetration testing and security assessments to identify and address vulnerabilities in the firewall configuration
ITB1.4.3
Regularly monitors firewall logs to detect and respond to suspicious behavior
ITB2
Secure System Administration
ITB2.1 User account management
ITB2.1.1
Implements a comprehensive user account lifecycle management process that includes account creation, modification, and timely deactivation when an employee leaves or changes roles
ITB2.1.2
Monitors user account activities to detect suspicious behavior
ITB2.1.3
Implements account lockout policies to protect against brute force attacks
ITB2.2 Secure documentation
ITB2.2.1
Uses version control systems to manage changes to documents
Marketing Department Behavior (MDB)
MDB1
Market Research
MDB1.1 Secure survey forms
MDB1.1.1
Uses secure protocols to encrypt online survey forms
MDB1.2 Data scrubbing and aggregation
MDB1.2.1
Removes direct identifiers and combines data in such a way that individuals cannot be identified
MDB1.3 Vendor due diligence
MDB1.3.1
Conducts thorough due diligence to assess the cybersecurity practices of third-party vendors
MDB2
Branding and Positioning
MDB2.1 Secure brand assets
MDB2.1.1
Protects brand assets by implementing measures like strong access controls, watermarking etc
MDB2.2 Secure websites
MDB2.2.1
Implements SSL/TLS certificates in websites to encrypt communication between users and the site
MDB2.2.2
Regularly updates and patches website’s software and plugins to address vulnerabilities
MDB2.3 Secure domain name
MDB2.3.1
Enables domain locking and uses strong registrar account passwords
MDB2.3.2
Regularly reviews and renews domain registrations to avoid expiration and potential unauthorized acquisitions
MDB3
Advertising and Promotion
MDB3.1 Secure ad platforms
MDB3.1.1
Uses strongly secured ad platforms to manage campaign data
MDB3.1.2
Implements strong , unique passwords and enables two factor authentication wherever possible
MDB4
Marketing Communications
MDB4.1 Secure media relations
MDB4.1.1
Shares information with media outlets only after verifying the authenticity of media contacts
MDB4.1.2
Clearly defines and sets internal protocols for media engagement to ensure that only authorized personnel communicate with media
Research and Development Behavior (RDB)
RDB1
Secure Intellectual Property Management
RDB1.1 Patent filings
RDB1.1.1
Maintains a secure record of the invention’s development process, iterations, details of all contributors and any other relevant information
RDB1.1.2
Ensures that external parties such as patent agents or attorneys sign non disclosure agreements when sharing invention details with them
RDB1.1.3
Avoids public disclosures of the invention before filing a patent application
RDB2
Secure Research and Analysis
RDB2.1 Secure research practices
RDB2.1.1
Uses only trusted research tools and services
RDB2.1.2
Ensures that all devices used for research are equipped with up-to-date antivirus software
RDB2.1.3
Discusses sensitive research matters only through secure and organization approved communication channels
Sales Department Behavior (SDB)
SDB1
Lead Generation
SDB1.1 Secure prospecting
SDB1.1.1
Uses only trusted data sources for obtaining prospect information (e.g., reading online reviews, checking whether these sources adhere to privacy laws, exploring data from industry-specific associations, asking for referrals from trusted contacts who have experience with using data sources for prospect information, etc)
SDB1.1.2
Communicate with prospects using secure communication channels that use end-to-end encryption (e.g., encrypted emails, secure communication channels like Microsoft Teams, Cisco Webex etc)
SDB1.1.3
Obtains consent from prospects before collecting data and handles them in a compliant manner
SDB1.2 Secure demos and presentations
SDB1.2.1
Uses mock data or anonymizes information whenever possible during presentation
SDB1.2.2
Avoids showing sensitive or confidential business data during presentations or demos
SDB1.2.3
Uses strong protection methods to secure devices used for presentations or demos (e.g., disk encryption, strong passwords, anti-malware software etc)
SDB1.3 Secure negotiations
SDB1.3.1
Ensures that non-disclosure agreements are signed by both parties (organization and prospects) involved in the negotiation before sharing confidential data
SDB1.3.2
Uses file-sharing platforms that help control who can access, download and modify negotiation-related data (e.g., Intralinks, Onehub, Box etc)
SDB2
Customer Relationship Management
SDB2.1 Data entry
SDB2.1.1
Avoids including sensitive or personal data that is not required for the sales or customer relationship management process
SDB2.1.2
Double checks the accuracy of data entered into the CRM platform
SDB2.1.3
Always logs out of the CRM platform when data entry tasks have been finished
SDB2.2 Reporting and analysis
SDB2.2.1
Restricts access to reporting and analysis features only to authorized personnel
SDB2.2.2
Implements data encryption during transit to prevent unauthorized access or interception
Supply Chain Management Behavior (SCMB)
SCMB1
Secure Inventory Management
SCMB1.1 Secure inventory tracking
SCMB1.1.1
Accurately records all inventory transactions in the tracking system
SCMB1.1.2
Secures inventory storage areas with physical security measures, including access controls, surveillance cameras and alarms
SCMB1.1.3
Implements audit logs to monitor and track who accesses inventory data and when
SCMB2
Secure Procurement Process
SCMB2.1 Digital signature verification
SCMB2.1.1
Ensure that the digital signature for contracts, purchase orders and delivery confirmations comes from the authorised person
SCMB2.1.2
Checks for any signs of the document being altered after the signature was applied
SCMB2.1.3
Ensures there is a trusted timestamp on the digital signature to ensure it was applied at a specific, verifiable time
SCMB2.1.4
Check that the digital certificate used to sign the document is currently valid and has not expired or been revoked
SCMB2.1.5
The signed document is transmitted over secure, encrypted channels (such as HTTPS) to prevent interception or tampering during transit
SCMB2.1.6
The recipient verifies that the signed document is the latest version and checks for any subsequent changes
Software Developer Behavior (SODB)
SODB1
Secure Coding Practices
SODB1.1 Safe input validation
SODB1.1.1
Validates inputs against a defined set of allowed values (using whitelists)
SODB1.1.2
Applies length restrictions on input fields to prevent buffer overflows and excessive data submission
SODB1.1.3
Consistently uses trusted input validation libraries and frameworks rather than writing custom validation code
SODB1.1.4
Ensures that all input is validated on the server side and not just the client side
SODB1.1.5
Ensures that the application handles invalid or malicious input gracefully, without crashing or revealing sensitive system information
SODB1.1.6
When integrating with external systems or third-party services, input data is validated to ensure it meets internal security requirements
SODB1.1.7
Regularly reviews logs for patterns of invalid input attempts
SODB1.1.8
Validates each step for multi-step or dependent inputs to ensure data integrity at every stage
SODB1.2 Secure error handling
SODB1.2.1
Ensures that error messages do not include detailed technical information that reveals internal logic or infrastructure details
SODB1.2.2
Ensures that detailed error information logged internally for debugging purposes is stored in a secure, access-controlled environment
SODB1.2.3
Implement checks to sanitize error logs to avoid capturing sensitive data
SODB1.2.4
Uses a centralized error handling mechanism to ensure consistent behavior across the application when errors occur
SODB1.2.5
Limits the amount of information provided in production error logs compared to development environments
SODB1.2.6
Logs errors related to security events with detailed information and flags them for further investigation
SODB1.3 Secure code reviews
SODB1.3.1
Actively checks for common security vulnerabilities such as those listed in the OWASP Top 10
SODB1.3.2
Ensures that the code adheres to proper business logic
SODB1.3.3
Ensures that all inputs are properly validated and sanitized
SODB1.3.4
Ensure that the code follows the principle of least privilege
SODB1.3.5
Checks whether unnecessary or untrusted libraries are included in the project to minimize the attack surface
SODB1.3.6
Ensures code simplicity to reduce the chances of introducing vulnerabilities due to complexity or unclear logic
SODB1.3.7
Ensures that critical sections of code are well-documented and contain comments that explain the security considerations involved
SODB1.3.8
Ensures that the code is reviewed against a predefined security checklist or framework
SODB1.3.9
Engage multiple reviewers to review critical code sections to ensure no vulnerabilities are overlooked
SODB2
Secure Management of Dependencies and Third-Party Libraries
SODB2.1 Secure dependency updation
SODB2.1.1
Routinely check for and apply updates to dependencies
SODB2.1.2
Specifies dependency versions in configuration files to avoid unintended updates that might introduce vulnerabilities
SODB2.1.3
Only downloads dependencies from reputable sources
SODB2.1.4
Configures builds to fail or raise alerts when vulnerabilities are detected in dependencies
SODB2.1.5
Checks the license of dependencies to ensure compliance with legal and organizational policies
SODB2.1.6
Maintains documentation of all dependency updates
SODB2.2 Secure maintenance of third-party libraries
SODB2.2.1
Conducts routine scans of third-party libraries to ensure that libraries’ licenses have not changed
SODB2.2.2
Maintain an up-to-date list of all third-party libraries used in the project, along with their versions and security status