Medium

Privilege account monitoring

Creation of new accounts with privileged authorisations, mutations in user groups through which privileged authorisations can be obtained and changes in passwords for non-personal privileged accounts are approved Potential abuse...

Multi-Factor Authentication

Users must use a second factor to authenticate before accessing sensitive data or functionality. Users are allowed to mark devices as trusted, not requiring MFA on that specific device for...

Defining user management

System owners define how user management takes place, including who is authorised to request changes to which user roles and how this can be requested/managed. System owners determine the access...

Non-Disclosure Agreements

When working with sensitive information, individuals are required to agree with and sign a non-disclosure agreement (NDA). At a minimum the NDA specifies how the individual should handle the sensitive...

Staged warning model

The organisation has a policy for disciplinary action and inappropriate handling of information. Police reports will be filed when willfully breaking of the law or actions with criminal intent are...

Identification

Before commencement of processing activities all individuals working with data and systems have been identified using a nationally issued Identification Document or through a trusted federated identity provider.