Sample Electronic Fraud Prevention Guidelines:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.

Revision as of 15:24, 22 September 2009

Document History


Version | Date                          | Revised By                       | Description
1.0     | 1 August 2009 <Current date>  | Michael D. Peters <Owner's name> | This version replaces any prior version.


Document Certification


Description                                          | Date          | Parameters
Designated document re-certification cycle in days:  |               | 30 - 90 - 180 - 365 <Select cycle>
Next document re-certification date:                 | 1 August 2010 | <Date>


Sample Electronic Fraud Prevention Guidelines


The <Your Company Name> (the "Company") Electronic Fraud Prevention Guidelines define objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.

The Electronic Fraud Prevention Guidelines build on the objectives established in the Vulnerability Management Standard and provide specific instructions and requirements for assessing and prioritizing vulnerabilities.

I. Scope


All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises or who have been granted access to Company information or systems, are covered by this policy and must comply with associated standards and guidelines.

Information Assets are defined in the Asset Identification and Classification Standard.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Risk refers to the likelihood of loss, damage, or injury to information assets. Risk is present if a threat can exploit an actual vulnerability to adversely impact a sensitive information asset.

Sensitive Information refers to information that is classified as Restricted or Confidential. Refer to the Information Classification Standard for confidentiality classification categories.

Threats are the intentional or accidental actions, activities or events that can adversely impact Company information assets, as well as the sources, such as the individuals, groups, or organizations, of these events and activities.

Vishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.

Vulnerabilities refer to the weaknesses in information systems and procedures, including technical, organizational, procedural, administrative, or physical weaknesses.

II. Objectives