This policy can
guide business behavior to ensure ethical conduct.
Information sensitivity: This policy is intended to help employees determine what information can be
disclosed to nonemployees, as well as the relative sensitivity of information that should not be disclosed
outside an organization without proper authorization. The information covered in these guidelines includes
but is not limited to information that is either stored or shared via any means. This includes electronic
information, information on paper, and information shared orally or visually (such as by telephone, video
conferencing, and teleconferencing).
E-mail: This policy covers appropriate use of any e-mail sent from an organization's e-mail address and
applies to all employees, vendors, and agents operating on behalf of the company.
Password: The purpose of this policy is to establish a standard for creation of strong passwords, the
protection of those passwords, and the frequency of change.
Risk assessment: This policy is used to empower the Information Security (InfoSec) group to perform
periodic information security risk assessments (RA) for the purpose of determining areas of vulnerability
and to initiate appropriate remediation.
Pages:
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57