1. of everyone to identify and report

1.       Scope

3.1   The main scope of this policy is
standardization and Assurance of the in-house data. The idea is that system
from diverse parties are more likely to fit together if they follow a common
guideline and management can be assured of the quality of a system if a
recognized framework is followed.

Best services for writing your paper according to Trustpilot

Premium Partner
From $18.00 per page
4,8 / 5
Writers Experience
Recommended Service
From $13.90 per page
4,6 / 5
Writers Experience
From $20.00 per page
4,5 / 5
Writers Experience
* All Partners were chosen among 50+ writing services by our Customer Satisfaction Team

2.       The
objectives of the policy

4.1 Keep
Information security practicing in daily operations.  And the management have to convey its
expectations of employees by stressing the principle of zero tolerance for
unacceptable behaviour relating to information security, rewarding good
behaviour, recognising and rewarding people for good work towards risk

4.2 People
respect the importance of information security policies and principles. The
security culture has been built. over time through constant efforts in creating
awareness. Employees now understand the importance of information security and
take security initiatives seriously. Audit has also played an important role in
enforcing various security policies and principles.

4.3 People are
provided with sufficient and detailed information security guidance and are
encouraged to participate in and challenge the current information security
situation. HDFC Bank believes in engaging all stakeholders in the effort. Introduction
of any new process involves ensuring open interaction with all the affected

4.4 The issues
are discussed in workshops and buy-in is achieved through two-way
dialogue—allowing everyone to clarify any doubts may have. Extensive training
is provided for every new information security initiative, not only to the
information security group but to all stakeholders.

4.5 Everyone is
accountable for the protection of information within the enterprise. The
information security group is responsible for identifying and managing the risk
whereas the business heads are held ultimately accountable. This makes all the
stakeholders feel responsible as well as accountable for protection of
information within the enterprise.

4.6 Stakeholders
are aware of how to identify and respond to threats to the enterprise. Threat
identification is part of the training provided to stakeholders. Stakeholders
are encouraged to report incidents, e.g., send an email to the ISG about any
spam or phishing email received. The response received by the ISG on a
day-to-day basis shows the keen awareness of everyone to identify and report

4.7 Management
proactively supports and anticipates new information security innovations and
communicates this to the enterprise. The enterprise is receptive to account for
and deal with new information security challenges.

4.8 ISG is
constantly engaged in introducing innovations to deal with information security
challenges. There is full management support to interact with industry and
share knowledge and experience with a larger audience as well as learn from
others. This case study is an example of this openness. Business management
engages in continuous cross-functional collaboration to allow efficient and
effective information security programmes. Policy Frameworks