SecAware materials

SecAware logo 150 animated ezgif.gif

~2-page information security policy template concerning insider threats.


Information risks involving insider threats (i.e. workers who threaten to harm the organization by exploiting/using information) are to be managed conventionally i.e. identified, evaluated and treated appropriately.


This is a sensitive policy matter since most insiders are valuable assets and may naturally resent the implication that they constitute threats.  However, ignoring the issue or pretending it is not a problem won't make it go away.  This is a blind spot for many organisations, at least those who have yet to experience a serious insider incident and the shockwaves that follow.


The policy is quite brief and matter-of-fact - a warning shot across the bow of any disaffected, unethical workers contemplating "getting back" or "taking advantage" at the organisation.


The template specifically defines and uses the term "worker" to include those on the organisation's payroll (staff and management, remember) plus others who work for and to some extent under the control of the organisation but are employed and paid by third parties (e.g. contractors) or self-employed (e.g. lone consultants).  Their internal knowledge and access presents opportunities for wrongdoing that outsiders lack.


The policy on outsider threats naturally complements this one.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Insider threats policy