Sample Security Awareness Policy:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
(3 intermediate revisions by the same user not shown)
=='''Sample Security Awareness Policy'''==
<br>
As stated in the Company [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']], the Company will follow a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures. The Information Security Program will ensure that the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies, standards, guidelines, and procedures are properly communicated and understood by establishing a Security Awareness Program to facilitate awareness.<br>
<br>
This Security Awareness Policy defines Company objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies, standards, guidelines, and procedures.<br>
<br>
=='''I. Scope'''==
<br>
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to Company information or systems, are covered by this policy and must comply with associated standards and guidelines.<br>
<br>
=='''II. Objectives'''==
<br>
The Company [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and relevant policies, standards and guidelines must be properly communicated to Company corporate and business unit management. Specific instructions and requirements for providing security awareness education and training for Company management are provided in the [[Sample Management Awareness Standard:|'''Sample Management Awareness Standard''']].<br>
<br>
The Company [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and relevant policies, standards, and guidelines must be properly communicated to and understood by all newly hired Company employees. Newly hired Company employees must be provided with the appropriate security awareness education and training. Specific instructions and requirements for providing security awareness education and training for new Company employees are provided in the [[Sample New Hire Security Awareness Standard:|'''Sample New Hire Security Awareness Standard''']].<br>
<br>
The Company [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and relevant policies, standards, and guidelines must be properly communicated to and understood by all contractors, partners and consultants. Specific instructions and requirements for providing security awareness education and training for contractors, partners, and consultants are provided in the [[Sample Third Party Security Awareness Standard:|'''Sample Third Party Security Awareness Standard''']].<br>
<br>
All Company employees will be provided with recurring and ongoing education and training to ensure continued awareness, and address emerging risks or topics of interest. Specific instructions and requirements for providing security awareness education and training for Company employees are provided in the [[Sample Ongoing Security Awareness Standard:|'''Sample Ongoing Security Awareness Standard''']].<br>
<br>
All Company employees will be provided appropriate access to the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and relevant policies, standards, and guidelines. Specific instructions are provided in the Security Awareness Standard.<br>
<br>
=='''III. Responsibilities'''==
<br>
The Chief Information Officer (CIO) is the approval authority for the Security Awareness Policy.<br>
<br>
The Chief Information Security Officer (CISO) is responsible for the development, implementation, and maintenance of the Security Awareness Policy and the associated standards and guidelines.<br>
<br>
Company management is responsible for ensuring that the Security Awareness Policy and associated standards and guidelines are properly communicated and understood within their respective organizational units.<br>
<br>
All individuals, groups or organizations identified in the scope of this policy are responsible for familiarizing themselves with and complying with the Security Awareness Policy and associated standards, guidelines, and procedures.<br>
<br>
=='''IV. Policy Enforcement and Exception Handling'''==
<br>
Failure to comply with the Security Awareness Policy and associated standards, guidelines and procedures can result in disciplinary actions up to and including termination of employment for employees, or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.<br>
<br>
Requests for exceptions to the Security Awareness Policy should be submitted to <Title>. Exceptions shall be permitted only on receipt of written approval from <Title>.<br>
<br>
=='''V. Review and Revision'''==
<br>
The Security Awareness Policy will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br>
<br>
Approved: _______________________________________________________<br>
<br>
::Signature<br>
<br>
::<Insert Name><br>
<br>
::Chief Information Officer<br>
<br>
<br>
<gallery>
Image:Security Awareness Standard.png|Security Awareness Standard page one of five.
Image:Security Awareness Standard(1).png|Security Awareness Standard page two of five.
Image:Security Awareness Standard(2).png|Security Awareness Standard page three of five.
Image:Security Awareness Standard(3).png|Security Awareness Standard page four of five.
Image:Security Awareness Standard(4).png|Security Awareness Standard page five of five.
</gallery>

Latest revision as of 19:53, 14 January 2014

Sample Security Awareness Standard

This Security Awareness Standard defines Company objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the Information Security Program Charter and associated policies, standards, guidelines, and procedures.

Objectives

The Company Information Security Program Charter and relevant policies, standards and guidelines must be properly communicated to Company corporate and business unit management. Specific instructions and requirements for providing security awareness education and training for Company management are provided in the Management Awareness Standard.

The Company Information Security Program Charter and relevant policies, standards, and guidelines must be properly communicated to and understood by all newly hired Company employees. Newly hired Company employees must be provided with the appropriate security awareness education and training. Specific instructions and requirements for providing security awareness education and training for new Company employees are provided in the New Hire Security Awareness Standard.

The Company Information Security Program Charter and relevant policies, standards, and guidelines must be properly communicated to and understood by all contractors, partners and consultants. Specific instructions and requirements for providing security awareness education and training for contractors, partners, and consultants are provided in the Third Party Security Awareness Standard.

All Company employees will be provided with recurring and ongoing education and training to ensure continued awareness, and address emerging risks or topics of interest. Specific instructions and requirements for providing security awareness education and training for Company employees are provided in the Ongoing Security Awareness Standard.

All Company employees will be provided appropriate access to the Information Security Program Charter and relevant policies, standards, and guidelines. Specific instructions are provided in the Security Awareness Standard.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.