This Phishing Policy serves as a critical governance document for organizations operating in the Philippines, addressing the growing threat of phishing attacks in the digital business environment. The policy is designed to comply with Philippine regulations, particularly the Cybercrime Prevention Act of 2012 (RA 10175) and the Data Privacy Act of 2012 (RA 10173), while incorporating international cybersecurity best practices. Organizations should implement this policy to establish clear guidelines for preventing, detecting, and responding to phishing attempts, protecting sensitive data, and maintaining operational security. The document is especially relevant given the increasing sophistication of cyber threats and the Philippine government's emphasis on cybersecurity compliance.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
Alternatively...
1. Purpose and Scope: Defines the objective of the policy and its applicability to different stakeholders within the organization
2. Definitions: Clear explanations of technical terms, types of phishing attacks, and other relevant terminology used throughout the policy
3. Legal Framework: Reference to relevant Philippine laws and regulations, including the Cybercrime Prevention Act and Data Privacy Act
4. Roles and Responsibilities: Defines the responsibilities of management, IT department, employees, and other stakeholders in preventing and responding to phishing attacks
5. Phishing Prevention Measures: Details mandatory security controls, email handling procedures, and prevention strategies
6. Training Requirements: Specifies mandatory security awareness training, frequency, and content related to phishing prevention
7. Incident Response Procedures: Step-by-step procedures for reporting and responding to suspected phishing attempts
8. Compliance and Enforcement: Outlines consequences of non-compliance and enforcement mechanisms
9. Policy Review and Updates: Specifies the frequency and process for reviewing and updating the policy
1. Industry-Specific Requirements: Additional requirements for organizations in regulated industries (e.g., financial institutions, healthcare providers)
2. Remote Work Considerations: Specific guidelines for preventing phishing attacks in remote work settings
3. Third-Party Risk Management: Guidelines for managing phishing risks related to third-party vendors and contractors
4. Social Media Guidelines: Specific provisions for preventing phishing attacks through social media platforms
5. Mobile Device Security: Additional guidelines for preventing phishing attacks on mobile devices
1. Appendix A: Phishing Attack Examples: Visual examples and descriptions of common phishing attacks
2. Appendix B: Reporting Templates: Standard forms and templates for reporting suspected phishing incidents
3. Appendix C: Technical Controls Checklist: Detailed list of required technical controls and configurations
4. Appendix D: Training Materials: Reference materials and guidelines for phishing awareness training
5. Appendix E: Incident Response Flowchart: Visual representation of the incident response process
6. Appendix F: Contact Information: List of key contacts for incident reporting and response
Authors
Find the document you need
Vulnerability Assessment Policy
A comprehensive policy document outlining vulnerability assessment procedures and requirements for organizations operating in the Philippines, aligned with local cybersecurity laws and regulations.
Download
Phishing Policy
A Philippine-compliant policy document establishing guidelines and procedures for protecting organizations against phishing attacks, aligned with local cybersecurity laws.
Download
Vulnerability Assessment And Penetration Testing Policy
A policy document governing vulnerability assessment and penetration testing activities for organizations in the Philippines, ensuring compliance with local cybersecurity and data privacy regulations.
Download
Email Encryption Policy
A comprehensive email encryption policy document for Philippine organizations, ensuring compliance with local data privacy laws while establishing robust email security standards.
Download
Secure Sdlc Policy
A comprehensive policy document outlining secure software development lifecycle requirements and practices in compliance with Philippine regulations and security standards.
Download
Email Security Policy
A Philippine-compliant email security policy document establishing guidelines and requirements for secure email usage, aligned with local data protection and cybersecurity laws.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
