
Policy Document Structure & Policy Elements Report 2022

   

Added on  2022-09-18

Final project
Policy Document Structure & Policy Elements

Please refer to the policy elements and the policy document structure written below for your final project. You should consider most of the policy elements given below when you are writing or developing your organization's policy.

1. You need to use the table below to document the policy that you are going to develop and give brief information about the approved policy.

XYZ INFOTECH
Security Awareness and Training Policy

Author: Chief Information and Security Office [please fill]
Authorized By: Chief Executive Officer
Implementation By: Director, Information and Communication Technology
Policy Reference: NIST, HIPAA, PCI-DSS, ISO 27001
Version No: 2
Approval Committee: XYZ Steering Committee
Date approved: 10/04/2020
Minute No: 15.40.03
Status: Approved
Implementation Date: 20/04/2020
Period of approval: 1 year
Review Date: 20/04/2021

2. Policy Definition: The Security Awareness and Training Policy is a policy devised to educate the employees of the company about the security of its computer systems. A good security awareness policy should educate employees about the corporate policies and procedures for working with information technology.
3. Purpose: This document develops the Security Awareness and Training Policy for XYZ INFOTECH. This policy ensures that security awareness and training controls are in place to safeguard the confidentiality, integrity and availability of the information resources of the company.
4. Scope: This security policy applies to all employees, contractors, vendors, guests and other people who connect to the systems and the network of the Company using any computing device. This policy also applies to all network connections and remote access connections. It covers all technical deployments of remote or local access that are used to connect to the network of the Company.
5. Target Audience or Applicability: The security policy framed by XYZ INFOTECH applies to all members of the company, the employees of the company, guests, vendors, contractors and third parties that use the systems and the network of the Company.
6. Objectives:
Information security is understood to protect three major goals:
- Confidentiality – data and information assets must be restricted to people who are authorized to access them and not be revealed to others;
- Integrity – keeping the data intact, complete and accurate, and IT systems operational;
- Availability – the aim that information and systems are at the disposal of authorized users when required.
7. Standard: The Company should maintain several standards regarding security awareness and training. The standards include:
- Security awareness training must be conducted once a year by the Company.
- Raising awareness of the need to safeguard information assets.
- Making sure that users appreciate their responsibilities for protecting the information resources.
- Making sure that users are knowledgeable about the security policies of the company and develop the skills to perform their work securely.
- Employees will be trained as soon as they are recruited to the company.
8. Roles and Responsibilities: In association with human resources, the department of information technology will develop and facilitate the security awareness program, make sure that all the employees of the company get proper security training related to their responsibilities, and maintain records of the training that is received. This policy is owned by the Vice President and the CEO of the company, and they will co-ordinate any revisions to the security policy.
9. Procedures and Guidelines: The procedures and guidelines of XYZ INFOTECH include the following:
Employee security awareness training: All employees of the company who have access to the information resources of the company must complete their training within the first 30 days of their recruitment to the company. The training must be completed yearly, and a person must be hired in order to train the employees.