
Cyber Security Policy Template

Policy Title: Cyber Security Policy

Executive-in-Charge: [Partner.FirstName][Partner.LastName]

Cyber Security Manager: Information Technology Office, Chief Officer [Officer.FirstName][Officer.LastName]

Office-in-Charge: Information Technology Office

Policy Endorsed by: The Committee on Cyber Security

Policy Approval Date: (date)

Policy Effective Date: (date)

Policy Next Review Date: (date)

To be implemented by: ALL DEPARTMENTS AND DIVISIONS; ALL ORGANIZATIONS AND AFFILIATES UNDER [Officer.Company]

I. POLICY BACKGROUND

The [Officer.Company] ("Company") is committed to safeguarding the confidentiality of all available access and application assets and to complying with current laws, regulations, guidelines, and best practices in order to protect its (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) from the dangers of the cyber world. Technological advances have brought with them cybercriminals who engage in various types of cybercrime, such as phishing, data leakage, inside jobs or insider threats, unethical hacking, and ransomware.

II. PURPOSE

This policy was written and approved by the Committee on Cyber Security to provide a security framework for all bona fide (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) of [Officer.Company]. The framework is intended to ensure protection from unauthorized access, loss, or damage while supporting the information exchange that takes place over the internet, which may be vulnerable to all of the above-mentioned dangers of the cyber world.

Failure to act in accordance with this policy may subject its (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) to disciplinary actions, potential penalties, or, worse, termination of the contract.

III. DEFINITION OF TERMS

1. Cyber Security

Also known as Information Technology Security, this refers to the practice of protecting computers, hardware, software, servers, mobile devices, electronic systems, and data from malicious attacks that would compromise the Company's ability to safeguard the confidentiality and integrity of all access and applications.

2. Information Technology

Refers to the use of computers and the internet to access and exchange all kinds of information.

3. Unauthorized Access

Refers to a person's attempt to gain access to an application or information without proper consent or permission from an authorized user or the Company.

4. Cybercrime

Refers to an unethical activity that involves computers and a network and is carried out to commit an online crime with the sole purpose of harming a person's or a company’s security, especially its financial health.

5. Cybercriminals

Refers to an individual or group of people who engage in cybercrime.

6. Phishing

Refers to a fraudulent activity in which cybercriminals pose as an official and reputable entity in any form of communication. For example, they will send an email that appears to be an official update from a bank; its attachments and links, should the victim fill them out, help the cybercriminals gain access to the victim’s account.

7. Ransomware

Refers to a type of malware (“malicious software”) that blocks and locks users out of their applications or files, usually in a Company or organization setting, and unblocks and unlocks them once the cybercriminals have received the payment.

IV. CYBER SECURITY TRAINING AND AWARENESS

The (Company Name) will provide Cyber Security training with a certified Cyber Security Professional for its bona fide (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) to help them be discerning in all activities that involve networks, computers, and the use of the internet, for their own safety as well as the Company’s.

The Cyber Security Training and Awareness may involve the following topics:

  1. How to Recognize Phishing Attacks

  2. Unique Passwords and Authentications

  3. The Proper Use of Removable Media

  4. Devices Security: Mobile, Laptops, and Computers

  5. Working Remotely and Security at Home

  6. The Dangers of Public Wi-Fi

  7. Physical Security Within and Outside the Premises of the Company

  8. Social Media

V. PERSONNEL RESPONSIBILITIES

All subjects – bona fide (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) – must be cyber security aware and informed by attending all training and certification, and must comply with the processes and procedures of the Company. All subjects are required to do the following:

  1. All devices provided by the Company (list what those devices are, e.g., mobile, laptop, and computer devices) are strictly for business use only, to avoid opening any possible access from the outside network. They are provided for the sole purpose of performing your role for the Company and its Clients.

  2. Properly sign out of the systems and devices after office hours.

  3. Login credentials, especially the passwords to different systems and databases, should be stored in the secured password manager system as prescribed by the Company.

  4. Lock computer or laptop devices when personnel are away from their respective workplace or work area.

  5. Avoid sharing any company data or information, especially with persons who are outside the company circle or who have no business need to know.

  6. Always be vigilant of your surroundings outside the premises of the company in order to protect yourself, your essential belongings, and your mobile and laptop devices. Company information may be important, but the subject is more valuable than any available asset.

  7. All subjects must strictly adhere to the rule never to connect to any public Wi-Fi, anytime and anywhere: in malls, fast food chains, coffee shops, and any other places with a high risk of a security breach.

  8. Always maintain a cyber security mindset.

VI. SECURITY OFFICER AND POLICY REVIEW

The [Officer.Company] has its own appointed Cyber Security Manager, the Chief Officer of the Information Technology Department, [Officer.FirstName][Officer.LastName], who will also lead the Committee moving forward.

The Cyber Security Manager is in charge of the implementation and execution of the overall process concerning cyber security. The Manager also has the sole authority to make and discern all cybersecurity-related decisions. All subjects are required to follow the directions given by the Cyber Security Manager along with the Committee.

Cyber Security Manager Short Bio:

<Insert Formal Photo of the Officer>

[Officer.FirstName][Officer.LastName]

Role/s taken in the Company:

(insert timeline of employment and the role/s the manager has had in the company)

Previous Employers and Role/s taken during employment:

(list down all previous employers along with the timeline and his/her role/s taken)

Certification and Licenses:

Training, Seminars, and Conferences Attended:

Awards and Achievements:

Publications:

The Cyber Security Committee:

These Officers will serve as the Cyber Security Manager’s supporting body and will assist in the implementation and execution of this Policy throughout the organization.

(list the names of all appointed members of the committee, with at least one (1) representative from each department, along with their credentials)

Policy Review

The Policy Review will be done every (number of years) from the Policy Effective Date and should be carefully deliberated with the Committee and higher management for the (Company Name) to keep up with the latest updates, changes, and innovations within the Cyber World.

The (Company Name) expects all concerned subjects – (list all who apply, e.g., employees, stakeholders, officers, affiliates, and shareholders) – to carefully read, understand, agree to, and adhere to the Policy.

We are asking for your usual cooperation.

Signed:

Signature
MM / DD / YYYY

Executive-in-Charge: [Partner.FirstName][Partner.LastName]

Signature
MM / DD / YYYY

Cyber Security Manager: [Officer.FirstName][Officer.LastName]
