Sample Threat Assessment and Monitoring Policy:

From HORSE - Holistic Operational Readiness Security Evaluation.

Sample Threat Assessment and Monitoring Standard

The Threat Assessment and Monitoring Standard defines Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets. Company information assets are defined in the scope of the Asset Identification and Classification Policy.

Objectives

The Company will periodically identify, analyze, and prioritize threats to information assets and their supporting infrastructure. Findings from the threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing threats are provided in the Sample Threat Assessment Standard.

The Company will develop and exercise procedures for screening or identifying potential threat sources through means such as background checks, site evaluations, and financial ratings.

The Company will perform real-time intrusion detection monitoring and periodic intrusion detection analysis to detect threat and intrusion activity. The Company must establish and track representative metrics for gauging progress in this area. Specific instructions and requirements for monitoring and detecting threats are provided in the Sample Threat Monitoring Standard.

The Company will develop and exercise formal plans for responding to Information Security intrusions and incidents. The Company must establish associated metrics for gauging the effectiveness of these plans. Specific instructions for responding to Information Security incidents are provided in the Sample Incident Response Standard.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.