Sample Threat Assessment and Monitoring Policy:: Difference between revisions
No edit summary |
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== | ==Sample Threat Assessment and Monitoring Standard== | ||
The Threat Assessment and Monitoring Standard define Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets. Company information assets are defined in the scope of the [[Sample Asset Identification and Classification Policy:|'''Asset Identification and Classification Policy''']].<br> | |||
==Objectives== | |||
== | |||
The Company will periodically identify, analyze, and prioritize threats to information assets and their supporting infrastructure. Findings from the threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing threats are provided in the [[Sample Threat Assessment Standard:|'''Sample Threat Assessment Standard''']].<br> | The Company will periodically identify, analyze, and prioritize threats to information assets and their supporting infrastructure. Findings from the threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing threats are provided in the [[Sample Threat Assessment Standard:|'''Sample Threat Assessment Standard''']].<br> | ||
<br> | <br> | ||
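Review bot: the added introductory sentence has a subject-verb disagreement: "The Threat Assessment and Monitoring Standard define" should read "defines". The new heading also calls the document a Standard while the page title still calls it a Policy; pick one term and use it in both places so that cross-references from the other sample documents resolve to a single name.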
Line 21: | Line 11: | ||
The Company will develop and exercise formal plans for responding to Information Security intrusions and incidents. The Company must establish associated metrics for gauging the effectiveness of these plans. Specific instructions for responding to Information Security incidents are provided in the [[Sample Incident Response Standard:|'''Sample Incident Response Standard''']].<br> | The Company will develop and exercise formal plans for responding to Information Security intrusions and incidents. The Company must establish associated metrics for gauging the effectiveness of these plans. Specific instructions for responding to Information Security incidents are provided in the [[Sample Incident Response Standard:|'''Sample Incident Response Standard''']].<br> | ||
<br> | <br> | ||
== | ==Document Examples== | ||
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br> | |||
The | |||
<br> | <br> | ||
<gallery> | |||
Image:Threat Assessment and Monitoring Standard.png|Threat Assessment and Monitoring Standard page one of six. | |||
Image:Threat Assessment and Monitoring Standard(1).png|Threat Assessment and Monitoring Standard page two of six. | |||
Image:Threat Assessment and Monitoring Standard(2).png|Threat Assessment and Monitoring Standard page three of six. | |||
Image:Threat Assessment and Monitoring Standard(3).png|Threat Assessment and Monitoring Standard page four of six. | |||
Image:Threat Assessment and Monitoring Standard(4).png|Threat Assessment and Monitoring Standard page five of six | |||
Image:Threat Assessment and Monitoring Standard(5).png|Threat Assessment and Monitoring Standard page six of six | |||
</gallery> |
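Review bot: in the added gallery, the captions for pages five and six lack the trailing period that pages one through four carry; add it for consistency. The external link to The Policy Machine in the new Document Examples section is written with plain http; link to the https address if the site serves one.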
Latest revision as of 19:25, 14 January 2014
Sample Threat Assessment and Monitoring Standard
The Threat Assessment and Monitoring Standard defines Company objectives for establishing specific standards for the assessment and ongoing monitoring of threats to Company information assets. Company information assets are defined in the scope of the Asset Identification and Classification Policy.
Objectives
The Company will periodically identify, analyze, and prioritize threats to information assets and their supporting infrastructure. Findings from the threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing threats are provided in the Sample Threat Assessment Standard.
The Company will develop and exercise procedures for screening or identifying potential threat sources through means such as background checks, site evaluations, and financial ratings.
The Company will perform real-time intrusion detection monitoring and periodic intrusion detection analysis to detect threat and intrusion activity. The Company must establish and track representative metrics for gauging progress in this area. Specific instructions and requirements for monitoring and detecting threats are provided in the Sample Threat Monitoring Standard.
The Company will develop and exercise formal plans for responding to Information Security intrusions and incidents. The Company must establish associated metrics for gauging the effectiveness of these plans. Specific instructions for responding to Information Security incidents are provided in the Sample Incident Response Standard.
Document Examples
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.
- Threat Assessment and Monitoring Standard page one of six.
- Threat Assessment and Monitoring Standard page two of six.
- Threat Assessment and Monitoring Standard page three of six.
- Threat Assessment and Monitoring Standard page four of six.
- Threat Assessment and Monitoring Standard page five of six.
- Threat Assessment and Monitoring Standard page six of six.