Wireless Operational Security
A.3 ABC Inc. InfoSec Audit Policy
Policy No. 2
Effective date Month / Day / Year
Implement by Month / Day / Year
1.0 Purpose
To provide the authority for members of ABC Inc.'s InfoSec team to conduct a security audit on any system at ABC Inc. Audits may be conducted to:
-
Ensure integrity, confidentiality, and availability of information and resources
-
Investigate possible security incidents
-
Ensure conformance to ABC Inc. security policies
-
Monitor user or system activity where appropriate
-
Measure and report on risk
2.0 Scope
This policy covers the following:
-
All computer and communication devices that are part of, or associated with, the ABC Inc. Network
-
All information stored on ABC Inc. media (digital and hard copy information)
3.0 Policy
When requested , and for the purpose of performing an audit, any access needed will be provided to members of ABC Inc.'s InfoSec team. This access may include:
-
User level and/or system level access to any computing or communications device
-
Access to information (electronic, hardcopy, etc.) that may be produced, transmitted, or stored on ABC Inc. equipment or premises
-
Access to work areas (labs, offices, cubicles, storage areas, etc.)
-
Access to interactively monitor and log traffic on ABC Inc. networks
4.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
5.0 Definitions
6.0 Exceptions
Exceptions to information system security policies exist in rare instances where a risk assessment examining the implications of being out of compliance has been performed, where a Policy Exception Form <Insert Link> has been prepared by the data owner or management, and where this form has been approved by both the CSO or Director of InfoSec and the Chief Information Officer (CIO).
7.0 Revision History
Date ___/____/_____
Version:_______________________
Author:____________________________________
Summary:__________________________________