How to define an Acceptable Use IT CyberSecurity Standard? Download this Acceptable Use IT Security Standard template if you are working on IEC, NIST, ISO27001:2013, cyber essentials (UK), or other IT and control objectives.
The scope of this standard applies to all users of the organization regarding the Information and Communication Technology resources – including (but not limited to) staff (including casuals and volunteers), consultants and contractors, third parties, agency staff, and visitors to the organization.
In this Standard, ‘User’ means and includes all staff and other users who are authorized by the [Company Name] to access its systems and/or network. The organization or company embraces and relies on the use of technology, the Internet, and digital media to conduct services. [Company Name] expects all users who have access to the organization’s information systems and services to adhere to organizations' rules regarding their use.
The purpose of this standard is to set out the rules for acceptable use of the information systems and services for individuals that have been authorized to use or access the Organizations' information systems. Appropriate data security controls reduce the likelihood (and impact) of data breach incidents during various phases of the data lifecycle. The purpose of this standard is to set out the rules for securing the companies' data during transmission and storage. This document provides best practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining information security management systems (ISMS).
Nowadays, with the digitalization of our society, the need for data protection became more important. The latest IT Security Standards involve the application of technology to broader social and institutional contexts, and thereby contributes to the servitization of companies, and affects how they compete and interact. This document contains security technology solutions to protect data classified as “Highly Sensitive”, “Sensitive”, “Private” or “Public” as per the Data Classification Standard and Data Handling Guidelines. Specifically:
- Cryptography – Encryption and hashing solutions for protecting sensitive data when in transit or storage, and
- Data Masking – Data masking is a technology for obscuring sensitive information in non-production environments. Through data masking [Company Name] protects the content of sensitive data in non-production environments to ensure that:
- Application developers, testers, privileged users, and outsourcing vendors do not have unauthorized access to such information.
- The data maintains the referential integrity of the original production data.
Download this Acceptable Use now. Besides this document, make sure to have a look at the IT Security Roadmap for proper implementation and this fit-for-purpose IT Security Kit here with over 40 useful templates. The document(s) are easy to modify and can be downloaded directly after purchase.