Information is an important, valuable asset of the Company which must be managed accordingly. All information has a value to the Company. However, not all of this Information has an equal value or requires the same level of protection.
Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorized use.
Formal procedures must control how access to information is granted and how such access is changed.
This IT Security Policy describes how to use information systems resources to ensure information security within the Company. The policy refers, without limiting, at confidentiality, integrity, availability, risk management and access control of Company’s Information Systems.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. POLICY STATEMENTS
3.1 ACCESS CONTROL
3.2 PHYSICAL & ENVIRONMENTAL SECURITY
3.3 INFORMATION SYSTEMS PRIVILEGED ACCESS
3.4 DATA BACKUP
3.5 VIRUS/MALWARE/SPYWARE PREVENTION AND COMPUTER PROTECTION
3.6 SECURITY EVENTS (INCIDENTS)
5. FINAL CONSIDERATIONS
5.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
5.2 DOCUMENT REVISION
The purpose of the Protection Against Malicious Software Policy is to capture the requirements of the Company regarding controls preventing, detecting, suppressing and countering malicious software.
The Mobile Computing Policy addresses the actions that must be taken by the Company’s personnel who have mobile computing equipment, or who are temporarily using mobile computing equipment.