2½-page generic information security policy concerning insider threats.
Insider threats (i.e. workers who threaten to harm the organization's interests through information) are to be identified, assessed and treated through the use of appropriate information security controls. This is a sensitive policy matter since most insiders are information assets, not liabilities, and may naturally resent even the vague implication that they constitute threats. However, ignoring the issue won't make it go away.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Insider threats policy
Template policy on insider threats
See also the security policies on:
- Information governance
- Information ownership
- Information risk management
- Division of responsibilities
- Social engineering
- Information security architecture and design
- IT systems development and acquisition
- IT systems implementation
- Identification and authentication
- Access control
- Change and configuration management
- IT auditing