3½-page generic policy on (malicious) hacking.
Malicious hacking of information systems and networks is a serious threat to information and hence to the organization and will not be tolerated. The organization's Information Security Management System (ISMS) incorporates a swathe of controls against hacking. Workers are collectively responsible for upholding the anti-hacking controls and reporting hacking incidents, near-misses and suspicions promptly ... and of course for not hacking, at least not without due authorization (e.g. pentesting).
Delivered as an editable MS Word document, readily customized for your organization's specific needs.
Template policy on hackers and hacking.
Revised Sept 2019.
See also the policies on:
- Social engineering
- Physical security
- Access control
- Inident management
- IT systems development and acquisition
- IT systems implementation
- Monitoring and surveillance
- Audit and security logs
- Digital forensics