3½-page generic policy on (malicious) hacking.
Malicious hacking of information systems and networks is a serious threat to information and hence to the organization and will not be tolerated. The organization's Information Security Management System incorporates a swathe of controls against hacking. Workers are collectively responsible for upholding the anti-hacking controls and reporting hacking incidents, near-misses and suspicions promptly ... and of course for not hacking, at least not without due authorization (e.g. pentesting).
Delivered as an editable MS Word document, readily customized for your organization's specific needs.
Template policy on hackers and hacking.
See also the policies on:
- Information risk management
- Social engineering
- Identification and authentication
- Physical security
- Access control
- Incident management
- IT systems development and acquisition
- IT systems implementation
- Database security
- Network security
- Monitoring and surveillance
- Audit and security logs
- Digital forensics