This Phishing Policy serves as a critical governance document for organizations operating in the Philippines, addressing the growing threat of phishing attacks in the digital business environment. The policy is designed to comply with Philippine regulations, particularly the Cybercrime Prevention Act of 2012 (RA 10175) and the Data Privacy Act of 2012 (RA 10173), while incorporating international cybersecurity best practices. Organizations should implement this policy to establish clear guidelines for preventing, detecting, and responding to phishing attempts, protecting sensitive data, and maintaining operational security. The document is especially relevant given the increasing sophistication of cyber threats and the Philippine government's emphasis on cybersecurity compliance.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Purpose and Scope: Defines the objective of the policy and its applicability to different stakeholders within the organization
2. Definitions: Clear explanations of technical terms, types of phishing attacks, and other relevant terminology used throughout the policy
3. Legal Framework: Reference to relevant Philippine laws and regulations, including the Cybercrime Prevention Act and Data Privacy Act
4. Roles and Responsibilities: Defines the responsibilities of management, IT department, employees, and other stakeholders in preventing and responding to phishing attacks
5. Phishing Prevention Measures: Details mandatory security controls, email handling procedures, and prevention strategies
6. Training Requirements: Specifies mandatory security awareness training, frequency, and content related to phishing prevention
7. Incident Response Procedures: Step-by-step procedures for reporting and responding to suspected phishing attempts
8. Compliance and Enforcement: Outlines consequences of non-compliance and enforcement mechanisms
9. Policy Review and Updates: Specifies the frequency and process for reviewing and updating the policy
1. Industry-Specific Requirements: Additional requirements for organizations in regulated industries (e.g., financial institutions, healthcare providers)
2. Remote Work Considerations: Specific guidelines for preventing phishing attacks in remote work settings
3. Third-Party Risk Management: Guidelines for managing phishing risks related to third-party vendors and contractors
4. Social Media Guidelines: Specific provisions for preventing phishing attacks through social media platforms
5. Mobile Device Security: Additional guidelines for preventing phishing attacks on mobile devices
1. Appendix A: Phishing Attack Examples: Visual examples and descriptions of common phishing attacks
2. Appendix B: Reporting Templates: Standard forms and templates for reporting suspected phishing incidents
3. Appendix C: Technical Controls Checklist: Detailed list of required technical controls and configurations
4. Appendix D: Training Materials: Reference materials and guidelines for phishing awareness training
5. Appendix E: Incident Response Flowchart: Visual representation of the incident response process
6. Appendix F: Contact Information: List of key contacts for incident reporting and response
Find the exact document you need
Audit Log Policy
An internal policy document governing audit log management and compliance with Philippine data privacy and cybersecurity regulations.
Download
Security Assessment Policy
A policy document outlining security assessment requirements and procedures for organizations in the Philippines, ensuring compliance with local data privacy and cybersecurity regulations.
Download
Vulnerability Assessment Policy
A comprehensive policy document outlining vulnerability assessment procedures and requirements for organizations operating in the Philippines, aligned with local cybersecurity laws and regulations.
Download
Audit Logging And Monitoring Policy
A comprehensive audit logging and monitoring policy compliant with Philippine data protection and cybersecurity regulations.
Download
Risk Assessment Security Policy
A policy document outlining security risk assessment procedures and compliance requirements for organizations operating in the Philippines, aligned with local data privacy and cybersecurity regulations.
Download
Security Logging Policy
An internal policy document establishing security logging requirements and procedures in compliance with Philippine data protection laws and security standards.
Download
Phishing Policy
A Philippine-compliant policy document establishing guidelines and procedures for protecting organizations against phishing attacks, aligned with local cybersecurity laws.
Download
Vulnerability Assessment And Penetration Testing Policy
A policy document governing vulnerability assessment and penetration testing activities for organizations in the Philippines, ensuring compliance with local cybersecurity and data privacy regulations.
Download
IT Security Risk Assessment Policy
A comprehensive IT security risk assessment framework compliant with Philippine data protection and cybersecurity laws, guiding organizations in identifying and managing information security risks.
Download
Email Encryption Policy
A comprehensive email encryption policy document for Philippine organizations, ensuring compliance with local data privacy laws while establishing robust email security standards.
Download
Client Security Policy
A security policy document outlining client data protection requirements and controls under Philippine law, including Data Privacy Act compliance.
Download
Consent Security Policy
A policy document outlining consent management and security procedures in compliance with Philippine data protection laws.
Download
Secure Sdlc Policy
A comprehensive policy document outlining secure software development lifecycle requirements and practices in compliance with Philippine regulations and security standards.
Download
Security Audit Policy
A Philippine-compliant Security Audit Policy establishing security audit procedures and compliance requirements under local data protection and cybersecurity laws.
Download
Email Security Policy
A Philippine-compliant email security policy document establishing guidelines and requirements for secure email usage, aligned with local data protection and cybersecurity laws.
Download
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)
.png)