~3-page information security policy template on (malicious) hacking.
Malicious hacking of the organisation's information systems and networks is a serious threat to information and hence to the business. It cannot be tolerated. The organisation uses numerous information security controls against hacking.
Hacking can involve insiders acting independently or in collaboration with outsiders (perhaps coerced or fooled by social engineers). Workers are expressly forbidden from malicious hacking, or bypassing, harming or disabling the anti-hacking controls, and are required to report hacking incidents, near misses and suspicions promptly.
[Benign hacking in the form of authorised penetration or vulnerability tests is permitted ... with appropriate controls.]
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Information security policy template on hacking
See also the policies on:
- Information risk management
- Social engineering
- Identification and authentication
- Physical security
- Access control
- Incident reporting
- Incident management
- IT systems development and acquisition
- IT systems implementation
- Database security
- Network security
- Monitoring and surveillance
- Audit and security logs
- Digital forensics
- Penetration testing