ReSeBI v1.2

Resilient Security Behavior Index

General behavior (GB)

GB1

Secure email use

GB1.1

Phishing Resilience
GB1.1.1
Avoids clicking on unknown links or opening unexpected mail attachments, and deletes such messages promptly
GB1.1.2
Checks elements such as the sender's email domain (the part after the "@" symbol), poor grammar or spelling mistakes, etc.
GB1.1.3
Enables spam filters on email accounts to identify and filter out phishing emails

GB1.2

Secure Sending
GB1.2.1
Double-checks recipient email addresses before sending

GB1.3

Attachments/Link Verification
GB1.3.1
Scans attachments with up-to-date antivirus software before opening them
GB1.3.2
Enables the display of file extensions in the operating system so that a misleading double extension (e.g., a .pdf.exe file) can be spotted
GB1.3.3
Confirms the legitimacy of an attachment with the sender before opening it
GB1.3.4
Enables macros only for attachments from trustworthy sources, and leaves them disabled by default
GB1.3.5
Opens attachments only with applications designed for that file type (e.g., opens a PDF document with a PDF reader such as Adobe Acrobat)
GB1.3.6
Hovers over the link to see actual URL destination before clicking on it
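The three checks above that can be automated (GB1.1.2 sender domain, GB1.3.2 double extensions, GB1.3.6 displayed link text versus real destination) are shown here as an added example; this is not code from ReSeBI or its authors. The sample message, the trusted-domain list and the executable-extension list are constructed for the example, and the "registrable domain" helper is a deliberately crude last-two-labels heuristic rather than a public-suffix lookup.

```python
"""Added example (not part of ReSeBI): automating three GB1 checks on a
constructed sample email -- sender domain vs. a trusted-domain list,
displayed link text vs. the real href, and double file extensions in
attachment names. Names, domains and the message are all hypothetical."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (raw RFC 822 text); not a real phishing sample.
SAMPLE_EMAIL = """\
From: "IT Support" <helpdesk@examp1e-corp.com>
To: alice@example-corp.com
Subject: Password expiry
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Reset it at
<a href="http://login.example-corp.com.evil.test/reset">https://login.example-corp.com/reset</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
"""

TRUSTED_DOMAINS = {"example-corp.com"}  # assumed: the organisation's own domains
EXEC_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude last-two-labels heuristic (no public-suffix list); enough for the demo."""
    return ".".join(host.lower().split(".")[-2:])


def check_email(raw: str) -> list[str]:
    """Return human-readable phishing indicators found in the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # GB1.1.2: the sender domain is the part after '@'; compare it to trusted domains.
    sender = msg["From"].addresses[0].addr_spec
    sender_domain = sender.rsplit("@", 1)[1].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is not a trusted domain")

    for part in msg.walk():
        # GB1.3.6: the real destination is the href, not the text the user sees.
        if part.get_content_type() == "text/html":
            collector = _LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown = urlparse(text if "://" in text else "http://" + text).hostname
                real = urlparse(href).hostname
                if shown and real and registrable(shown) != registrable(real):
                    findings.append(f"link shows {shown!r} but goes to {real!r}")
        # GB1.3.2: with extensions visible, 'invoice.pdf.exe' is clearly an executable.
        name = part.get_filename()
        if name:
            pieces = name.lower().rsplit(".", 2)
            if len(pieces) == 3 and "." + pieces[2] in EXEC_EXTENSIONS:
                findings.append(f"attachment {name!r} has a double extension hiding an executable")
    return findings


if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Run against the constructed message, `check_email` reports all three indicators: the look-alike sender domain, the link whose visible text and real destination disagree, and the double-extension attachment.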

GB2

Secure browsing practices

GB2.1

Secure browsing
GB2.1.1
Can distinguish an encrypted (HTTPS) website from an unencrypted (HTTP) one (e.g., by looking for the padlock icon)
GB2.1.2
Checks for the HTTPS padlock before entering credentials or other sensitive data, bearing in mind that the padlock only shows the connection is encrypted, not that the site itself is trustworthy
GB2.1.3
Sticks to trusted and reputable websites and verifies them carefully (checking for typos or look-alike characters in the URL, etc.)
GB2.1.4
Makes credit card purchases only on trustworthy sites
GB2.1.5
Avoids clicking on suspicious pop-ups, ads or links
GB2.1.6
Does not use the organisation's SSO account for personal website logins

GB2.2

Secure downloads
GB2.2.1
Downloads files only from reputable and official sources
GB2.2.2
Double-checks download buttons by hovering the mouse over them and checking the destination URL before initiating a download
GB2.2.3
Reads other users' reviews for reports of security problems before downloading

GB3

Responsible Social Media Usage

GB3.1

Information Sharing on social media
GB3.1.1
Does not share personally identifiable information or excessive information about one's workplace on social platforms (e.g., location, contact details)
GB3.1.2
Checks the accuracy of a post or message before sharing it

GB3.2

Connection Request Evaluation
GB3.2.1
Only connects with trusted individuals and verifies their authenticity before accepting requests

GB3.3

Engaging with messages
GB3.3.1
Deletes suspicious messages or links

GB4

Responsible Device Management

GB4.1

Secure Mobile Device Usage
GB4.1.1
Enforces screen locks (e.g., PIN, fingerprint or facial recognition), enables device encryption, and uses security apps to safeguard device integrity
GB4.1.2
Downloads apps only from trusted sources (e.g., official app stores) and reviews app permissions before installation
GB4.1.3
Follows workplace policies related to mobile device security
GB4.1.4
Ensures regular data backups
GB4.1.5
Ensures secure disposal of mobile devices (e.g., wiping data before disposal)

GB4.2

Secure Computer Usage
GB4.2.1
Adheres to the computer usage policies and guidelines set by the organisation
GB4.2.2
Regularly performs system maintenance tasks such as disk cleanup, defragmentation (if applicable) and hardware checks
GB4.2.3
Protects computers from physical theft or tampering

GB4.3

Secure IoT usage
GB4.3.1
Changes the provided default credentials immediately after setting up an IoT device
GB4.3.2
Regularly updates the firmware and software of each IoT device
GB4.3.3
Creates separate network segments or VLANs (Virtual Local Area Network) for IoT devices
GB4.3.4
Disables IoT devices when not in use
GB4.3.5
Regularly checks and reviews permissions granted to IoT devices
GB4.3.6
Properly researches the available IoT devices (including their security track record) before purchasing one

GB5

Secure remote work

GB5.1

Secure Wi-Fi Usage
GB5.1.1
Avoids connecting to open or unsecured networks
GB5.1.2
Uses a strong and unique Wi-Fi password for their own networks

GB5.2

Secure VPN usage
GB5.2.1
Uses a trusted VPN service
GB5.2.2
Connects to a VPN while using an unfamiliar network

GB5.3

Secure online meetings
GB5.3.1
Double-checks the participant list to verify that only intended participants have been invited to the meeting
GB5.3.2
Reviews participants in the waiting room before admitting them to the meeting
GB5.3.3
Restricts file transfers and chat capabilities during meetings as necessary
GB5.3.4
Asks for consent before recording meetings

GB6

Secure AI/ LLM Usage

GB6.1

Secure usage of AI research assistants (e.g., GPT)
GB6.1.1
Does not copy and paste output from AI/LLM platforms verbatim without verifying it
GB6.1.2
Takes care not to divulge highly confidential business information or personally identifiable information to AI/LLM platforms
GB6.1.3
Regularly reviews the permissions and data-sharing settings granted to AI/LLM platforms

GB6.2

Document Review
GB6.2.1
Removes personally identifiable information or sensitive data from documents before uploading them to the AI/LLM platforms

GB7

Logical Access Control

GB7.1

Access Credentials Management
GB7.1.1
Creates complex passwords even when no policy enforces it
GB7.1.2
Does not write passwords down or store them unprotected in files or documents
GB7.1.3
Uses a separate password for each account
GB7.1.4
Proactively uses a password manager
GB7.1.5
Changes passwords promptly when prompted by the system or application
GB7.1.6
Uses encryption for data protection (e.g., TLS; note that SSL is obsolete and should be disabled)
GB7.1.7
Opts for MFA even when it is only optional
GB7.1.8
Selects the most secure MFA option available (e.g., an app-generated OTP or a hardware security key rather than SMS)
GB7.1.9
Selects the SSO option when signing in to work-related accounts
GB7.1.10
Keeps up-to-date with SSO best practices and guidelines

GB8

Physical Access Control

GB8.1

Access card management
GB8.1.1
Stores physical access cards in secure places when not in use
GB8.1.2
Does not share own or use others' access cards
GB8.1.3
Promptly reports lost or stolen access cards
GB8.1.4
Uses the appropriate channel to report lost or stolen cards

GB8.2

Secure access to facilities
GB8.2.1
Uses secure and authorised methods (such as biometrics, PINs or access cards) to authenticate before gaining physical access
GB8.2.2
Adheres to the escort policy, ensuring that authorised personnel accompany visitors within secure areas
GB8.2.3
Follows a systematic process to register all visitors and issue temporary access credentials when they enter secure areas
GB8.2.4
Does not misuse emergency exits for unauthorised entry or exit
GB8.2.5
Locks office doors, filing cabinets and other secure areas when they are not in use, especially in shared or open spaces
GB8.2.6
Ensures that security cameras and surveillance systems are operational and does not tamper with them

GB9

Secure Information Management

GB9.1

Information categorization
GB9.1.1
Classifies information based on its sensitivity

GB9.2

Information permissions
GB9.2.1
Sets appropriate file permissions and access levels for documents and folders
GB9.2.2
Double-checks to ensure that the correct file permissions are enabled before sharing the files or folders with others

GB9.3

Information sharing
GB9.3.1
Checks recipient addresses before sending files
GB9.3.2
Uses strong passwords to secure the file sharing account
GB9.3.3
Uses only company approved information sharing channels

GB10

Choosing third party services

GB10.1

Vendor evaluation
GB10.1.1
Evaluates and assesses potential vendors
GB10.1.2
Ensures that vendors adhere to security and compliance standards

GB10.2

Secure Software Installation
GB10.2.1
Avoids downloading software from third party websites or unverified sources
GB10.2.2
Reads the permissions or privileges requested by software to assess whether they align with its intended functionality
GB10.2.3
Carefully reviews installation prompts and deselects optional bundled software
GB10.2.4
Conducts a thorough assessment of the vendor's reputation, security practices and track record
GB10.2.5
Ensures that vendor contracts include clear security obligations and service level agreements (SLAs)

GB10.3

Software security check
GB10.3.1
Updates, maintains and upgrades software so that it stays supported, patched and functioning correctly

GB11

Incident management

GB11.1

Incident detection
GB11.1.1
Establishes baseline behaviors and uses anomaly detection mechanisms to identify deviations
GB11.1.2
Conducts periodic vulnerability assessments and addresses the identified vulnerabilities promptly
GB11.1.3
Identifies signs of threats such as deepfakes, vishing, smishing, etc.
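GB11.1.1 (establish a baseline, then flag deviations) is shown below as an added example that is not part of ReSeBI. It builds a baseline of failed SSH logins per hour from a quiet period, then flags hours in new log data whose count exceeds the baseline mean plus three standard deviations (with a minimum floor of five, so a near-zero baseline does not make every single failure an alert). The log lines, the threshold parameters and the log format assumed by the regular expression are all constructed for the example.

```python
"""Added example (not part of ReSeBI): GB11.1.1 in code. Build a baseline of
failed-login counts per hour from a 'normal' period, then flag hours whose
count deviates from it. Log lines are constructed; the threshold
(mean + 3 standard deviations, minimum 5) is an assumption."""
import re
import statistics
from collections import Counter
from datetime import datetime

# Assumed sshd-style line format; adjust the pattern for a different log source.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failures(lines):
    """Yield (hour_bucket, user, src) for every failed-login line; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            hour = datetime.fromisoformat(m["ts"]).replace(minute=0, second=0)
            yield hour, m["user"], m["src"]


def baseline_stats(baseline_lines):
    """Mean and population stdev of failures per hour over the baseline period."""
    per_hour = Counter(hour for hour, _, _ in parse_failures(baseline_lines))
    counts = list(per_hour.values()) or [0]
    return statistics.fmean(counts), statistics.pstdev(counts)


def detect_anomalies(baseline_lines, new_lines, k=3.0, floor=5):
    """Return hours in new_lines whose failure count exceeds max(floor, mean + k*stdev),
    with the top offending source for each so the analyst has a pivot point."""
    mean, stdev = baseline_stats(baseline_lines)
    threshold = max(floor, mean + k * stdev)
    events = list(parse_failures(new_lines))
    per_hour = Counter(hour for hour, _, _ in events)
    findings = []
    for hour, n in sorted(per_hour.items()):
        if n > threshold:
            srcs = Counter(src for h, _, src in events if h == hour)
            top_src, top_n = srcs.most_common(1)[0]
            findings.append({"hour": hour.isoformat(), "failures": n,
                             "threshold": round(threshold, 2),
                             "top_source": top_src, "from_top_source": top_n})
    return findings


# Constructed baseline: one or two mistyped passwords per hour over four hours.
BASELINE_LOG = [
    "2024-03-01T09:12:01 sshd[411]: Failed password for alice from 10.0.0.5 port 51022 ssh2",
    "2024-03-01T10:03:44 sshd[412]: Failed password for bob from 10.0.0.7 port 51100 ssh2",
    "2024-03-01T10:41:09 sshd[413]: Failed password for alice from 10.0.0.5 port 51200 ssh2",
    "2024-03-01T11:15:30 sshd[414]: Failed password for carol from 10.0.0.9 port 51300 ssh2",
    "2024-03-01T12:58:02 sshd[415]: Accepted password for alice from 10.0.0.5 port 51400 ssh2",
    "2024-03-01T12:59:10 sshd[416]: Failed password for bob from 10.0.0.7 port 51500 ssh2",
]
# Constructed new day: one normal typo, then a password spray from a single source.
NEW_LOG = [
    "2024-03-02T09:30:00 sshd[520]: Failed password for alice from 10.0.0.5 port 52000 ssh2",
] + [
    f"2024-03-02T14:{i:02d}:00 sshd[{600 + i}]: Failed password for invalid user {u} "
    f"from 198.51.100.23 port {53000 + i} ssh2"
    for i, u in enumerate(["admin", "root", "test", "oracle", "guest", "deploy", "backup"])
]

if __name__ == "__main__":
    for finding in detect_anomalies(BASELINE_LOG, NEW_LOG):
        print(finding)
```

On the constructed data the 09:00 hour (one failure) stays under the threshold while the 14:00 hour (seven failures, all from one source against non-existent users) is flagged, which is the pattern a password spray leaves.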

GB11.2

Incident classification
GB11.2.1
Categorises incidents based on their impact and potential harm
GB11.2.2
Informs IT, the security team and management about the incident's classification and severity

GB11.3

Incident reporting
GB11.3.1
Establishes a well-defined process for reporting security incidents within the organisation
GB11.3.2
Promptly reports security incidents to the IT/security team
GB11.3.3
Provides multiple channels for reporting incidents

GB11.4

Incident containment
GB11.4.1
Isolates affected systems or networks to prevent further spread of the threat
GB11.4.2
Addresses vulnerabilities that may have been exploited by the attacker to prevent reinfection

GB12

Data Privacy

GB12.1

Secure data handling
GB12.1.1
Handles data according to organisational policies

GB12.2

Ensure data subject rights
GB12.2.1
Ensures data subject rights such as the right to access, correct or delete their personal data

GB12.3

Data protection and privacy compliance
GB12.3.1
Consistently adheres to data protection laws and regulations, including GDPR, PDPA, and other relevant legislation
GB12.3.2
Adheres to regulatory guidelines for complaint resolution
GB12.3.3
Regularly conducts privacy impact assessments and updates data protection policies

GB12.4

Legal compliance and reporting
GB12.4.1
Proactively identifies, reports and addresses any potential legal compliance issues or violations to the appropriate authority or compliance officer as required by law

GB13

Data Governance and Ethics

GB13.1

Adherence to guidelines
GB13.1.1
Complies with the data privacy laws and regulations of the jurisdiction when working with sensitive data
GB13.1.2
Follows organisational protocol for software installation, pilot tests, etc.

GB13.2

Ethical data use
GB13.2.1
Avoids introducing biases into data processing, ensuring fairness and objectivity in decision-making.
GB13.2.2
Is transparent about how data is used and ensures the data use aligns with ethical standards.

GB14

Information validation

GB14.1

Credibility check
GB14.1.1
Cross checks multiple reliable sources to verify information credibility
GB14.1.2
Contacts official channels for information related to organisations or government entities to verify its authenticity

GB14.2

Secure online research
GB14.2.1
Looks for verifiable data, credible research and reliable sources cited within the information
GB14.2.2
Pays attention to the timestamps of articles, posts and videos to ensure the information is current

Data Scientist behavior (DSB)

DSB1

Secure data mining

DSB1.1

Secure data preparation
DSB1.1.1
Collects data in accordance with data privacy laws and takes appropriate measures to protect personally identifiable data (masking, anonymization)
DSB1.1.2
Maintains up-to-date antivirus software, firewalls and other security measures to protect data
DSB1.1.3
Performs checks for missing values, outliers or inconsistencies in data
DSB1.1.4
Works only with the variables necessary for the current analysis or modelling

DSB2

Secure A/B testing

DSB2.1

Obtaining participant consent
DSB2.1.1
Communicates clearly the purpose of testing, data collected and any potential risks that might be involved

DSB2.2

Secure storage of testing data
DSB2.2.1
Stores data in encrypted databases or file systems
DSB2.2.2
Uses cryptographic techniques such as digital signatures or hash functions to detect unauthorised tampering with data
DSB2.2.3
Minimises the collection of sensitive or unnecessary information to reduce potential risks

Human Resource behavior (HRB)

HRB1

Recruitment

HRB1.1

Secure candidate data collection
HRB1.1.1
Collects only the information strictly necessary for the selection process

HRB1.2

Candidate data protection
HRB1.2.1
Stores candidate data securely through the lawful retention period
HRB1.2.2
Limits candidate data access to authorised personnel only
HRB1.2.3
Transmits recruitment data as password-protected documents, sharing the password over a separate channel
HRB1.2.4
Uses strict access controls and encryption

HRB1.3

Candidate data archiving and retention
HRB1.3.1
Classifies candidate data based on organisational guidelines
HRB1.3.2
Explains data retention and obtains consent from the departing employee
HRB1.3.3
Adheres to privacy laws for data retention, storage, or deletion

HRB1.4

Secure candidate data deletion
HRB1.4.1
Uses secure data deletion methods to permanently erase candidate data
HRB1.4.2
Ensures candidate data removal to prevent unintended restoration or duplication

HRB2

Secure employee onboarding

HRB2.1

Ensure secure onboarding
HRB2.1.1
Ensures the signing of confidentiality agreements
HRB2.1.2
Conducts background verification

HRB3

Employee Data Management

HRB3.1

Mandatory Record Protection
HRB3.1.1
Secures employee data backups on cloud platforms and regularly tests restoration

HRB3.2

Maintaining employee performance and official records
HRB3.2.1
Standardizes record-keeping practices across the organisation
HRB3.2.2
Verifies up-to-date and lawful employee record maintenance

HRB3.3

Facilitate employee training programs
HRB3.3.1
Ensures that all employees have attended mandatory cyber security training
HRB3.3.2
Sends reminders to employees to complete mandatory cyber security trainings on time
HRB3.3.3
Initiates disciplinary action for cyber security violations

HRB4

Secure employee offboarding

HRB4.1

Ensure secure offboarding
HRB4.1.1
Promptly revokes access for an employee upon their exit
HRB4.1.2
Retrieves company-issued devices, access cards, etc. from the departing employee
HRB4.1.3
Reminds exiting employees of their continuing confidentiality and non-disclosure obligations
HRB4.1.4
Conveys key details on departure, access termination and data-handling instructions for knowledge transfer (exit interview)

Finance Department behavior (FDB)

FDB1

Secure accounting practices

FDB1.1

Secure record keeping
FDB1.1.1
Follows a regular backup schedule for all financial records, including electronic files and paper documents
FDB1.1.2
Stores or deletes records in accordance with organisation's record keeping policy
FDB1.1.3
Implements record integrity checks to detect and prevent unauthorized record alterations
FDB1.1.4
Limits access to the record preparation and storage software to authorized personnel only

Sales Department behavior (SDB)

SDB1

Lead Generation

SDB1.1

Secure prospecting
SDB1.1.1
Uses only trusted data sources for obtaining prospect information (e.g., reading online reviews, checking whether these sources adhere to privacy laws, exploring data from industry-specific associations, asking for referrals from trusted contacts who have experience with such data sources, etc.)
SDB1.1.2
Communicates with prospects over secure, encrypted communication channels (e.g., encrypted email, or enterprise platforms such as Microsoft Teams or Cisco Webex; note that such platforms encrypt in transit but are not necessarily end-to-end encrypted by default)
SDB1.1.3
Obtains consent from prospects before collecting their data and handles it in a compliant manner

SDB1.2

Secure demos and presentations
SDB1.2.1
Uses mock data or anonymizes information whenever possible during presentation
SDB1.2.2
Avoids showing sensitive or confidential business data during presentations or demos
SDB1.2.3
Uses strong protection methods to secure devices used for presentations or demos (e.g., disk encryption, strong passwords, anti malware software etc)

SDB1.3

Secure negotiations
SDB1.3.1
Ensures that non-disclosure agreements are signed by both parties (organisation and prospects) involved in the negotiation before sharing confidential data
SDB1.3.2
Uses file-sharing platforms that help control who can access, download and modify negotiation-related data (e.g., Intralinks, Onehub, Box)

SDB2

Customer Relationship Management

SDB2.1

Data entry
SDB2.1.1
Avoids including sensitive or personal data that is not required for the sales or customer relationship management process
SDB2.1.2
Double checks the accuracy of data entered into the CRM platform
SDB2.1.3
Always logs out of the CRM platform when data entry tasks are finished

SDB2.2

Reporting and Analysis
SDB2.2.1
Restricts access to reporting and analysis features only to authorised personnel
SDB2.2.2
Encrypts data in transit to prevent unauthorised access or interception

Marketing Department behavior (MDB)

MDB1

Market Research

MDB1.1

Secure survey forms
MDB1.1.1
Serves online survey forms over secure protocols (HTTPS/TLS) so that responses are encrypted in transit

MDB1.2

Data Scrubbing and Aggregation
MDB1.2.1
Removes direct identifiers and combines data in such a way that individuals cannot be identified

MDB1.3

Vendor Due Diligence
MDB1.3.1
Conducts thorough due diligence to assess the cyber security practices of third-party vendors

MDB2

Branding and Positioning

MDB2.1

Secure brand assets
MDB2.1.1
Protects brand assets by implementing measures like strong access controls, watermarking etc

MDB2.2

Secure websites
MDB2.2.1
Implements SSL/TLS certificates in websites to encrypt communication between users and the site
MDB2.2.2
Regularly updates and patches website's software and plugins to address vulnerabilities

MDB2.3

Secure domain name
MDB2.3.1
Enables domain locking and uses strong registrar account passwords
MDB2.3.2
Regularly reviews and renews domain registrations to avoid expiration and potential unauthorised acquisition

MDB3

Advertising and Promotion

MDB3.1

Secure Ad platforms
MDB3.1.1
Uses strongly secured ad platforms to manage campaign data
MDB3.1.2
Implements strong, unique passwords and enables two-factor authentication wherever possible

MDB4

Marketing communications

MDB4.1

Secure media relations
MDB4.1.1
Shares information with media outlets only after verifying authenticity of media contacts
MDB4.1.2
Clearly defines and sets internal protocols for media engagement to ensure that only authorized personnel communicate with media

Customer Help Desk behavior (CHDB)

CHDB1

Enquiry response

CHDB1.1

Customer identity verification
CHDB1.1.1
Establishes a streamlined process to verify the identities of customers before disclosing sensitive information

CHDB1.2

Secure customer communication
CHDB1.2.1
Establishes customer portals that use strong encryption methods to protect customer data

CHDB2

Technical support

CHDB2.1

Secure remote access
CHDB2.1.1
Regularly reviews and revokes remote access privileges when they are no longer needed

CHDB3

Record maintenance

CHDB3.1

User permissions
CHDB3.1.1
Ensures that employees only have access to customer records required for their specific roles

CHDB3.2

Monitoring audit logs
CHDB3.2.1
Implements monitoring mechanisms to track access to customer records

Research and Development behavior (RDB)

RDB1

Secure intellectual property management

RDB1.1

Patent filings
RDB1.1.1
Maintains a secure record of the invention's development process, iterations, details of all contributors and any other relevant information
RDB1.1.2
Ensures that external parties such as patent agents or attorneys sign non disclosure agreements when sharing invention details with them
RDB1.1.3
Avoids public disclosures of the invention before filing a patent application

RDB2

Secure research and analysis

RDB2.1

Secure research practices
RDB2.1.1
Uses only trusted research tools and services
RDB2.1.2
Ensures that all devices used for research are equipped with up-to-date antivirus software
RDB2.1.3
Discusses sensitive research matters only through secure and organisation approved communication channels

Supply Chain Management behavior (SCMB)

SCMB1

Secure inventory management

SCMB1.1

Secure inventory tracking
SCMB1.1.1
Accurately records all inventory transactions in the tracking system
SCMB1.1.2
Secures inventory storage areas with physical security measures, including access controls, surveillance cameras and alarms
SCMB1.1.3
Implements audit logs to monitor and track who accesses inventory data and when

SCMB2

Secure Procurement Process

SCMB2.1

Digital Signature Verification
SCMB2.1.1
Ensures that the digital signature on contracts, purchase orders and delivery confirmations comes from the authorised person
SCMB2.1.2
Checks for any signs of the document having been altered after the signature was applied
SCMB2.1.3
Ensures there is a trusted timestamp on the digital signature so that it can be shown to have been applied at a specific, verifiable time
SCMB2.1.4
Checks that the digital certificate used to sign the document is currently valid and has not expired or been revoked
SCMB2.1.5
Transmits the signed document over secure, encrypted channels (such as HTTPS) to prevent interception or tampering in transit
SCMB2.1.6
Verifies that the signed document is the latest version and checks for any subsequent changes
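The verification steps of SCMB2.1 (authorised signer, unaltered content, trusted timestamp, valid and unrevoked key, latest version) and the tamper detection of DSB2.2.2 are shown below in one added example that is not part of ReSeBI. A keyed hash (HMAC-SHA256) stands in for the public-key signature a real e-signature product would use, so that the example runs with the standard library alone; the sequence of checks is the same. The key directory, the authorised-role list, the 30-day freshness window and the purchase-order documents are all constructed for the example.

```python
"""Added example (not part of ReSeBI): the SCMB2.1 verification steps and the
DSB2.2.2 tamper check as code. HMAC-SHA256 stands in for a public-key
signature; the checks (authorised signer, key validity and revocation,
timestamp, unaltered content, latest version) are the same. All keys, names
and documents are constructed."""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed key directory: who may sign, and the period in which each key was valid.
SIGNER_KEYS = {
    "po-signer-2024": {
        "owner": "procurement-manager",
        "key": b"constructed-shared-key-do-not-reuse",
        "valid_from": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "valid_to": datetime(2024, 12, 31, tzinfo=timezone.utc),
        "revoked_at": None,
    },
    "po-signer-2023": {
        "owner": "procurement-manager",
        "key": b"old-constructed-key",
        "valid_from": datetime(2023, 1, 1, tzinfo=timezone.utc),
        "valid_to": datetime(2023, 12, 31, tzinfo=timezone.utc),
        "revoked_at": datetime(2023, 6, 1, tzinfo=timezone.utc),
    },
}
AUTHORISED_FOR_PURCHASE_ORDERS = {"procurement-manager"}   # assumed role list
MAX_AGE = timedelta(days=30)                                # assumed freshness window


def canonical(doc: dict) -> bytes:
    """Serialise deterministically so identical content always hashes identically."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def sign(doc: dict, key_id: str, signed_at: datetime) -> dict:
    """Bind document, signer identity and timestamp together under one tag."""
    payload = {"doc": doc, "key_id": key_id, "signed_at": signed_at.isoformat()}
    tag = hmac.new(SIGNER_KEYS[key_id]["key"], canonical(payload), hashlib.sha256).hexdigest()
    return {**payload, "tag": tag}


def verify(envelope: dict, latest_version: int, now: datetime) -> list[str]:
    """Return the failed checks; an empty list means the document is acceptable."""
    problems = []
    key = SIGNER_KEYS.get(envelope.get("key_id"))
    if key is None:
        return ["unknown signing key"]
    signed_at = datetime.fromisoformat(envelope["signed_at"])
    # SCMB2.1.1: the signer must be authorised for this document type.
    if key["owner"] not in AUTHORISED_FOR_PURCHASE_ORDERS:
        problems.append(f"{key['owner']} is not authorised to sign purchase orders")
    # SCMB2.1.4: the key must have been valid and unrevoked at signing time.
    if not (key["valid_from"] <= signed_at <= key["valid_to"]):
        problems.append("key was outside its validity period at signing time")
    if key["revoked_at"] is not None and signed_at >= key["revoked_at"]:
        problems.append("key had been revoked before signing time")
    # SCMB2.1.3: the timestamp must be plausible (not in the future, not stale).
    if signed_at > now or now - signed_at > MAX_AGE:
        problems.append("signing timestamp is in the future or older than 30 days")
    # SCMB2.1.2 / DSB2.2.2: any change to doc, key_id or timestamp breaks the tag.
    payload = {k: envelope[k] for k in ("doc", "key_id", "signed_at")}
    expected = hmac.new(key["key"], canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("tag", "")):
        problems.append("tag mismatch: content altered after signing")
    # SCMB2.1.6: reject superseded versions even when they verify.
    if envelope["doc"].get("version") != latest_version:
        problems.append("not the latest version of the document")
    return problems


def demo() -> dict:
    """Run the checks on a clean, a tampered, a superseded and a revoked-key envelope."""
    now = datetime(2024, 5, 12, tzinfo=timezone.utc)
    po = {"po_number": "PO-0001", "vendor": "Example Supplier Ltd", "amount": 12500, "version": 2}
    clean = sign(po, "po-signer-2024", datetime(2024, 5, 10, 9, 0, tzinfo=timezone.utc))
    tampered = {**clean, "doc": {**po, "amount": 125000}}      # amount changed after signing
    revoked = sign(po, "po-signer-2023", datetime(2023, 7, 1, tzinfo=timezone.utc))
    return {
        "clean": verify(clean, 2, now),
        "tampered": verify(tampered, 2, now),
        "superseded": verify(clean, 3, now),
        "revoked_key": verify(revoked, 2, datetime(2023, 7, 2, tzinfo=timezone.utc)),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {problems or 'OK'}")
```

Note that the timestamp is inside the signed payload, so an attacker cannot move a signature to a different date without invalidating the tag; in a real deployment the timestamp would come from a trusted timestamping service rather than the signer's own clock.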

Software Developer Behavior (SODB)

SODB1

Secure Coding Practices

SODB1.1

Safe Input Validation
SODB1.1.1
Validates inputs against a defined set of allowed values (using allowlists).
SODB1.1.2
Applies length restrictions on input fields to prevent buffer overflows and excessive data submission.
SODB1.1.3
Consistently uses trusted input validation libraries and frameworks rather than writing custom validation code.
SODB1.1.4
Ensures that all input is validated on the server side and not just the client side.
SODB1.1.5
Ensures that the application handles invalid or malicious input gracefully, without crashing or revealing sensitive system information.
SODB1.1.6
Validates data received from external systems or third-party services against internal security requirements before using it.
SODB1.1.7
Regularly reviews logs for patterns of invalid input attempts.
SODB1.1.8
Validates each step for multi-step or dependent inputs to ensure data integrity at every stage.

SODB1.2

Secure Error Handling
SODB1.2.1
Ensures that error messages do not include detailed technical information that reveals internal logic or infrastructure details.
SODB1.2.2
Ensures that detailed error information logged internally for debugging purposes is stored in a secure, access-controlled environment.
SODB1.2.3
Implements checks to sanitise error logs so that they do not capture sensitive data.
SODB1.2.4
Uses a centralized error handling mechanism to ensure consistent behavior across the application when errors occur.
SODB1.2.5
Limits the amount of information provided in production error logs compared to development environments.
SODB1.2.6
Logs errors related to security events with detailed information and flags them for further investigation.
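The following added example (not code from ReSeBI) puts SODB1.1 and SODB1.2 into one request handler: input is validated server-side against allowlists and length limits, invalid or malformed input produces a generic client message with a correlation id, and the detailed reason goes only to an internal log with secret fields redacted. The form fields, limits, the username pattern and the two sample requests are constructed for the example.

```python
"""Added example (not part of ReSeBI): SODB1.1 and SODB1.2 in one handler.
Server-side allowlist validation with length limits, a generic client-facing
error, and an internal log entry with secrets masked. Field names, limits and
sample requests are constructed for this example."""
import logging
import re
import uuid

log = logging.getLogger("app")
log.addHandler(logging.StreamHandler())

# Allowlists describe what valid input looks like rather than what to block (SODB1.1.1).
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")      # 3-32 chars, lowercase letter first
CURRENCIES = {"USD", "EUR", "GBP"}
MAX_MEMO_LEN = 140                                       # SODB1.1.2: hard length cap
SECRET_FIELDS = {"password", "token", "card_number"}     # never written to logs


class ValidationError(ValueError):
    """Raised with an internal-only reason; never shown to the client verbatim."""


def validate_transfer(form: dict) -> dict:
    """Return a cleaned dict or raise ValidationError (SODB1.1.4: runs on the server)."""
    unexpected = set(form) - {"username", "amount_cents", "currency", "memo"}
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    username = str(form.get("username", ""))
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("username fails allowlist pattern")
    amount = form.get("amount_cents")
    # bool is a subclass of int in Python, so True would otherwise pass as 1.
    if isinstance(amount, bool) or not isinstance(amount, int) or not 1 <= amount <= 10_000_000:
        raise ValidationError("amount_cents not an integer in [1, 10_000_000]")
    currency = form.get("currency")
    if currency not in CURRENCIES:
        raise ValidationError("currency not in allowlist")
    memo = str(form.get("memo", ""))
    if len(memo) > MAX_MEMO_LEN or any(ord(c) < 32 for c in memo):
        raise ValidationError("memo too long or contains control characters")
    return {"username": username, "amount_cents": amount, "currency": currency, "memo": memo}


def _redact(form: dict) -> dict:
    """Keep credentials and card data out of the log (SODB1.2.3); truncate the rest."""
    return {k: ("<redacted>" if k in SECRET_FIELDS else str(v)[:64]) for k, v in form.items()}


def handle_transfer(form: dict) -> tuple[int, dict]:
    """Centralised error handling (SODB1.2.4): the client gets a status, a generic
    message and a correlation id; the detailed reason goes only to the internal log."""
    try:
        clean = validate_transfer(form)
    except ValidationError as exc:
        ref = uuid.uuid4().hex[:12]
        log.warning("ref=%s invalid input: %s form=%s", ref, exc, _redact(form))
        return 400, {"error": "Invalid request", "ref": ref}
    except Exception as exc:  # unexpected bug: still no stack trace to the client (SODB1.1.5)
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s unhandled %s: %s", ref, type(exc).__name__, exc)
        return 500, {"error": "Internal error", "ref": ref}
    return 200, {"ok": True, "transfer": clean}


# Constructed sample requests.
GOOD_REQUEST = {"username": "alice_01", "amount_cents": 2500, "currency": "EUR", "memo": "rent"}
BAD_REQUEST = {"username": "alice' OR 1=1--", "amount_cents": "2500", "currency": "EUR",
               "memo": "x", "password": "hunter2"}

if __name__ == "__main__":
    print(handle_transfer(GOOD_REQUEST))
    print(handle_transfer(BAD_REQUEST))
```

The correlation id is what lets support staff find the detailed log entry for a user's complaint without the error body itself revealing anything about the validation rules or the internals (SODB1.2.1); the same pattern applies whether the handler sits behind a web framework or a message queue.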

SODB1.3

Secure Code Reviews
SODB1.3.1
Actively checks for common security vulnerabilities such as those listed in the OWASP Top 10
SODB1.3.2
Ensures that the code adheres to proper business logic.
SODB1.3.3
Ensures that all inputs are properly validated and sanitized.
SODB1.3.4
Ensures that the code follows the principle of least privilege.
SODB1.3.5
Checks whether unnecessary or untrusted libraries are included in the project to minimize the attack surface.
SODB1.3.6
Ensures code simplicity to reduce the chances of introducing vulnerabilities due to complexity or unclear logic.
SODB1.3.7
Ensures that critical sections of code are well-documented and contain comments that explain the security considerations involved.
SODB1.3.8
Ensures that the code is reviewed against a predefined security checklist or framework.
SODB1.3.9
Engages multiple reviewers for critical code sections so that no vulnerabilities are overlooked.

SODB2

Secure Management of Dependencies and Third-Party Libraries

SODB2.1

Secure Dependency Updates
SODB2.1.1
Routinely checks for and applies updates to dependencies.
SODB2.1.2
Specifies dependency versions in configuration files to avoid unintended updates that might introduce vulnerabilities.
SODB2.1.3
Only downloads dependencies from reputable sources.
SODB2.1.4
Configures builds to fail or raise alerts when vulnerabilities are detected in dependencies.
SODB2.1.5
Checks the license of dependencies to ensure compliance with legal and organizational policies.
SODB2.1.6
Maintains documentation of all dependency updates.

SODB2.2

Secure maintenance of third-party libraries
SODB2.2.1
Conducts routine scans of third-party libraries to ensure that libraries’ licenses have not changed.
SODB2.2.2
Maintains an up-to-date list of all third-party libraries used in the project, along with their versions and security status.
SODB2.2.3
Has a contingency plan for quickly patching or replacing vulnerable libraries.
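SODB2.1.2 (pinned versions), SODB2.1.4 (fail the build on known-vulnerable dependencies) and the inventory of SODB2.2.2 can all be enforced by one small build gate. The example below is added here and is not ReSeBI's or any project's own tooling: it parses a pip-style requirements file, insists on exact `==` pins with `--hash` digests, and exits non-zero when a pinned version appears in an advisory list. The requirements text, the placeholder digests and the advisory entries are constructed for the example; a real gate would take the advisory data from a vulnerability database rather than a hard-coded dict.

```python
"""Added example (not part of ReSeBI): a CI build gate for SODB2.1.2/2.1.4 and
the SODB2.2.2 inventory. Parses a pip-style requirements file, requires exact
pins with hashes, and fails on advisory hits. Requirements text, digests and
advisories are constructed; a real gate queries a vulnerability database."""
import re

# Placeholder digests (64 hex chars); a real file carries each wheel's actual sha256.
_H1 = "0" * 63 + "1"
_H2 = "0" * 63 + "2"

# Constructed requirements file; '#' comments and blank lines are allowed as in pip.
REQUIREMENTS = f"""\
# production dependencies
requests==2.31.0 --hash=sha256:{_H1}
urllib3==1.26.5 --hash=sha256:{_H2}
pyyaml>=5.0
jinja2==3.1.2
"""

# Constructed advisory list: package -> set of affected exact versions (not real data).
ADVISORIES = {
    "urllib3": {"1.26.5", "1.26.6"},
}

REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)\s*(?P<op>==|>=|<=|~=|>|<)?\s*(?P<ver>[0-9][^\s]*)?(?P<rest>.*)$"
)
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def parse_requirements(text: str) -> list[dict]:
    """Turn each requirement line into {name, op, version, hashed}: the inventory of SODB2.2.2."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {raw!r}")
        entries.append({
            "name": m["name"].lower().replace("_", "-"),   # normalise as pip does
            "op": m["op"],
            "version": m["ver"],
            "hashed": bool(HASH_RE.search(m["rest"])),
        })
    return entries


def audit(text: str, advisories: dict) -> list[str]:
    """Return build-failing findings; an empty list means the gate passes."""
    findings = []
    for e in parse_requirements(text):
        if e["op"] != "==":
            findings.append(f"{e['name']}: not pinned to an exact version (SODB2.1.2)")
            continue
        if not e["hashed"]:
            findings.append(f"{e['name']}=={e['version']}: no --hash, artefact not verified")
        if e["version"] in advisories.get(e["name"], set()):
            findings.append(f"{e['name']}=={e['version']}: listed in advisories (SODB2.1.4)")
    return findings


if __name__ == "__main__":
    problems = audit(REQUIREMENTS, ADVISORIES)
    for p in problems:
        print("FAIL:", p)
    raise SystemExit(1 if problems else 0)   # non-zero exit fails the CI job
```

On the constructed file the gate reports three failures: `pyyaml` is a range rather than a pin, `jinja2` is pinned but carries no hash, and `urllib3` is pinned to a version on the advisory list. The hash requirement is what turns a pin into a supply-chain control: without it a compromised index could serve a different artefact under the same version number.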
