Pulling it all together – Social Engineering Security Policy
Policy Statement
Security concerns about social engineering continue to grow. Organizations are therefore expected to treat social engineering threats as a central element of their standard risk mitigation practices. This policy statement serves as the official procedure the organization will rely on to educate employees about the organizational policies and procedures they must follow when working with information technology.
Purpose
The primary purpose of this awareness program is to focus the company's attention on security, build sensitivity to the vulnerabilities and threats facing its computer systems, and establish the need to protect information, data, and strategy. The policy will focus on educating staff in key areas, including misuse of networks or systems, password guessing, and abuse of the privileges granted to them in those systems. Further areas include accidental disclosure of sensitive information and malicious viruses, Trojan horses, and worms arriving through email and downloaded files. Employees will also be trained on the various ways malicious individuals may attempt to steal technology devices, including laptops containing sensitive information.
Scope
This policy applies to all staff within the faculty of Virtual Networks, including but not limited to part-time employees, full-time employees, contractors, trainees, temporary employees, volunteers, and vendors. It applies to every individual who plays an essential role in the organization and has been granted access by the company to its sensitive information, including PII.
PII, in this policy, stands for personally identifiable information: any information or data that could be used to identify a particular individual in the organization. It includes information the organization uses to distinguish its employees from other people. Accordingly, the organization will treat any form of identity credential, such as passwords and biometric identifiers, as PII.
Procedure for conducting the training
New staff must complete the required new-hire security training within 60 days of recruitment. The Human Resources department is accountable for promptly informing the Compliance Department of each new hire so that every employee is scheduled for training within the mandated timeframe. Every employee must complete the ongoing security training required by the security officer. IT will send security awareness reminders to employees regularly, and employees are accountable for reading and acting on any instructions contained in those reminders. Training, auditing, and tracking of policy compliance will be conducted annually to keep employees up to date with changes in the social engineering landscape.