Which practice is central to assessing and managing insider threat risk in Annex B?

Prepare for the DSAC-11 Annex B Test. Study with our quiz featuring flashcards and multiple-choice questions, each question accompanied by hints and explanations. Get ready to excel!

Multiple Choice

Which practice is central to assessing and managing insider threat risk in Annex B?

Explanation:
Implementing least privilege, separation of duties, monitoring, access reviews, and security awareness training creates a layered defense against insider risk. Giving people only the minimal rights they need reduces what insiders can do even if they have access. Separating critical duties prevents one person from carrying out harmful actions alone and helps detect conflicts of interest. Ongoing monitoring provides timely visibility into anomalous or unauthorized behavior, while regular access reviews ensure permissions stay aligned with current roles. Security awareness training reduces the likelihood of insider mistakes or misuse by increasing vigilance and responsible behavior. Annual audits alone miss the need for continuous oversight, and removing monitoring undermines the ability to detect and respond to insider activity, so those options don’t provide the same comprehensive protection.
