Every company is unique, so it could be worth developing your own methodology from the questions and recommendations that spycatcher organisations, governments and other cybersecurity experts suggest. 

First though, when developing your own methodology for minimising fraud, it is vital to never loose sight of these three basics:

• cyber fraud is a poor second to occupational fraud which costs, Association of Certified Fraud Examiners estimate*, corporates and governments at least $6.3bn (and probabaly much more)
• fraud can only be minimised, not eliminated. BITsight, the cyber fraud metrics company, say, “There is no guaranteed security, only less risk.” 
• fraud needs to be continously monitored and managed  (in real-time if possible), there is no let up

In developing your own methodology for minimising fraud an excellent starting point is place is what these organisations recommend:

• ’10 steps to Cyber security from UK’s GCHQ’ (UK Government Communications Headquarters) who monitor the Internet and many other networks, see
• SANS (System Administration, Networking, and Security Institute) ‘Critical Security Controls’ —a short list of controls developed by security experts world-wide based on practices that are known to be effective in reducing cyber risks
• NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity—combines a variety of cybersecurity standards and best practices together, see
• Shared Assessments—an organization that develops assessment questionnaires for use by its members, see
• ACFE’s Fraud Prevention Checklist, see 
• ’40 questions you should have in your vendor security assessment’ from BITsight which shows how to monitor and manage vendor security.

———

* Report to the Nations on Occupational Fraud and Abuse, see.