A ~3 page generic information security policy about social engineering.
Workers must be alert and respond appropriately to the signs of possible social engineering attacks. Workers are further forbidden from using social engineering techniques inappropriately (excluding legitimate, appropriate and authorized uses for social engineering).
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Social engineering policy
A template policy on social engineering
See also the policies on:
- Information risk management
- Email and messaging security
- Backups and archives
- Incident reporting
- Incident management
- Business Continuity Management
- Physical information security
- Monitoring and surveillance
- Security awareness and training
- Access control
- Protecting proprietary information
- Protecting intellectual assets