One of the key approaches to mitigating insider threats is ensuring that access control policies are

strictly implemented and monitored. This includes the guideline that access granted to users should

be thoroughly documented and vetted by a supervisor. This control helps ensure that users have only

the access necessary to perform their job functions, reducing the risk of inappropriate access or

misuse of information. Proper documentation and supervisor approval also ensure accountability

and traceability of access decisions, which is crucial for detecting and responding to insider threats.

The human resources department plays a vital role in this process, working closely with IT and

security teams to enforce access control policies, conduct regular reviews of access rights, and

manage the onboarding and offboarding process to ensure that access rights are appropriately

updated.

Reference:The Incident Handler (ECIH v3) materials often emphasize the importance of

comprehensive access control measures and the role of human resources in preventing insider

threats by managing the lifecycle of employee access to organizational resources.