Introduction to security policies and directives
It is very important that the participants understand no only what security policies and directives are but also what they are for, reducing errors, improving the flow of activities and involving the participants better. Unlike other activities in this manual, the present chapter is more of an expository nature and less interactive. To the extent that the facilitator feels comfortable, it is recommended to design an activity that manages to introduce the concepts.
Data protection policies
One of the core aspects of any organization is the manipulation of data. The idea of developing a data protection policy is to establish a series of guidelines that help to treat each piece of information in the most appropriate way possible according to its sensitivity level.
Acceptable use policy to devices, accounts and passwords
Currently, most organizations use technology within their processes, this technology inevitably has vulnerabilities and is prone to fail or be abused. The idea of this policy is to provide safe use guidelines to the entry points of any member of the team, both at the level of devices and services on the Internet to protect the organization in the best possible way.
Clean desk policy
In any kind of organization, it's natural to arrange large amounts of highly sensitive information. The idea behind this policy is to establish a set of strategies to ensure both the physical information and the integrity of the equipment. This policy is one of the most linked daily basis tasks since it considers activities that must be carried out during the entire working day.