Security Awareness Policy

(statement 1)
The Information Security (IS) team is responsible for promoting ongoing security awareness to all information system users. A Security Awareness program must exist to establish formal methods by which secure practices are communicated throughout the corporation. Security guidance must exist in the form of formal written policies and procedures that define the principles of secure information system use and the responsibility of users to follow them.
Security awareness articles, posters, and bulletins should be periodically created and distributed throughout the corporation to educate employees about new and existing threats to security and how to cope with them. All employees are responsible for promptly reporting to their management and Information Systems (IS) management any suspected insecure conditions or security violations they encounter. All employees must be made aware of their security responsibilities on their first day of employment as part of the new-hire orientation program. All employees must comply with IS security policies by signing a compliance agreement that is retained in their personnel file. IS Security policies and procedures must remain current and readily available (e.g., via the intranet site) for Information System users to review and understand them. Information Systems (IS) management must ensure that the terms and conditions of authorized system access are clearly communicated to potential users of those systems before access is granted. A formal process must exist to document that appropriate management was aware of and approved all access and privileges granted to corporate system users.

Justification:
Organizational security awareness is an essential part of the corporate security posture.
Information is one of the most valuable assets owned by the corporation, and securing information is the responsibility of every employee. Many security breaches



