This IT Security Policy describes the standard operating policies that will be followed to maintain high level of security for the data processed in the Company. These policies will be applied to all business processes and entities that will be operational under Company. The infrastructure and support to IT controls, policies and procedures is provided by the Technology Helpdesk team.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. YOUR RESPONSIBILITY
4. AUDIT & COMPLIANCE
4.1 AUDITS
4.2 POLICY COMPLIANCE
5. REPORTING INCIDENTS
6. WORKING ENVIRONMENT
6.1 CLEAR DESK
6.2 COMPUTER SECURITY
6.3 PHYSICAL SECURITY OF LAPTOPS AND DESKTOPS
6.4 LOST OR STOLEN EQUIPMENT
6.5 SAFE BOOT
6.6 DAMAGED EQUIPMENT
6.7 TAKING IT EQUIPMENT OFF SITE
6.8 BUILDING SECURITY
6.9 PHONES & VIDEO CONFERENCING
6.10 MOBILES
6.11 PORTABLE STORAGE DEVICES
6.12 STANDARD WORKSTATION CONFIGURATION
7. PHYSICAL SECURITY & OPERATING ENVIRONMENT
7.1 PROTECT YOUR LAPTOP
7.2 WORKSTATION/ DESKTOP
8. SYSTEM ACCESS
8.1 PASSWORDS
8.2 REVIEW OF USER ACCESS
8.3 USER ACCESS TO DATA, INFORMATION AND SOFTWARE NETWORK ACCESS
8.4 REMOTE ACCESS – SECURID AND CERTIFICATE
8.5 EXTERNAL NETWORK
9. NON COMPANY EQUIPMENT
10. SCREEN SAVERS & ANTIVIRUS
10.1 SCREEN SAVERS
10.2 ANTI-VIRUS
10.3 VIRUS WARNINGS AND HOAXES
10.4 VIRUS INCIDENT REPORTING
11. EMAIL & INTERNET
11.1 USE OF E-MAIL
11.2 INTERNET USE
11.3 MONITORING
12. SOFTWARE USAGE
13. STORAGE BACKUP & MEDIA DISPOSAL
13.1 STANDARDS FOR INFORMATION CLASSIFICATION
13.2 BACKUP
13.3 MEDIA DISPOSAL
13.4 DATA DESTRUCTION
13.5 PRINTING & PRESENTATION
14. COMPUTER SECURITY
14.1 DATA PROTECTION
14.2 COMPUTER MISUSE
14.3 SOFTWARE LICENSES
15. IT POLICIES & GUIDELINES
15.1 GENERAL
15.2 HARDWARE
15.3 NETWORKS
15.4 CLIENT LICENSED SOFTWARE
15.5 DATA AND SOFTWARE SECURITY
15.6 CONSUMABLES
15.7 PERSONAL USE
15.8 TECHNOLOGY TRAINING
15.9 USER ID & PASSWORD
15.10 USE OF INSTANT MESSAGING AND LIVE MEETING
16. EXCEPTIONS
17. FINAL CONSIDERATIONS
17.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
17.2 DOCUMENT REVISION
Pages: 25
The purpose of the Information Security Incident Handling Policy is to develop a framework for timely and effective handling of information security incidents.
The Security Incident Management Standard sets the minimum requirements for security incident management in support of the IT Risk Policy for Information Security, including requirements for analyzing, handling and reporting of security incidents.
This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!
Review IT Security Policy – Template 3.
You must be logged in to post a review.