top of page

SecAware materials

SecAware logo

~3-page information security policy template on (malicious) hacking.


Malicious hacking of the organisation's information systems and networks is a serious threat to information and hence to the business. It cannot be tolerated. The organisation uses numerous information security controls against hacking.


Hacking can involve insiders acting independently or in collaboration with outsiders (perhaps coerced or fooled by social engineers).  Workers are expressly forbidden from malicious hacking, or bypassing, harming or disabling the anti-hacking controls, and are required to report hacking incidents, near misses and suspicions promptly.


[Benign hacking in the form of authorised penetration or vulnerability tests is permitted ... with appropriate controls.]


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Hacking policy

bottom of page