2½-page generic information security policy concerning insider threats.
Insider threats (i.e. workers who threaten to harm the organization's interests through information) are to be identified, assessed and treated through the use of appropriate information security controls. This is a sensitive policy matter since most insiders are information assets, not liabilities, and may naturally resent even the vague implication that they constitute threats. However, ignoring the issue won't make it go away.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Insider threats policy
Template policy on insider threats
See also the security policies on:
- Information governance
- Information ownership
- Information risk management
- Division of responsibilities
- Social engineering
- Fraud
- Cybersecurity
- Cybertage
- Information security architecture and design
- IT systems development and acquisition
- IT systems implementation
- Identification and authentication
- Access control
- Change and configuration management
- Oversight
- Assurance
- IT auditing
The license covers internal use within a single organisation. Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.