
SecAware materials


~3 page information security policy template on social engineering.


Workers must be alert and respond appropriately to the signs of possible social engineering attacks, and are forbidden from using social engineering techniques inappropriately.


Social engineering is a 'dual use technology'. Information security professionals tend to think and speak of it in purely negative terms, as a threat. However, marketing, security awareness, training, management, lobbying, debate and 'persuasion' are examples of social engineering being used legitimately and appropriately in the best interests of the business.


Raising awareness of the breadth of this topic is an obvious benefit of this policy. People who understand social engineering are more likely to spot and respond appropriately to the associated information risks. Managers should appreciate its potential as a form of security control (e.g. encouraging workers to behave ethically and responsibly through guidance, awareness and training).


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Social engineering policy
