Creating Cybersecurity Policies

Cryptography Policy
Organization: Titan Financial Group (TFG)
Effective Date: September 27, 2025
Approved By: Chief Information Security Officer (CISO)
Version: 1.0
1. Purpose
The purpose of this policy is to create consistent, organization-wide requirements for the
use of cryptography at Titan Financial Group (TFG). By implementing strong cryptography
practices, TFG seeks to ensure the confidentiality, integrity, and availability of customer,
employee, and corporate information while meeting regulatory requirements.

2. Scope
This policy applies to:
• All TFG information systems, applications, networks, and databases.
• All TFG employees, contractors, and third parties with access to company systems.
• All cryptographic technologies used to secure sensitive financial and personal
data.

3. Strategy and Planning
3.1 Strategic Goals
• Adherence to Regulation: Ensure that all encryption practices align with global
financial regulations.
• Enterprise Stability: Reduce exposure to fraud, breaches, and service interruptions by
implementing strong encryption and key management.
• Assurance of Data Security: Maintain customer trust by safeguarding transactions
and communications.
3.2 Strategic Approach
• Assign budget and resources to maintain up-to-date encryption technologies and
staff training.
• Perform yearly cryptography risk evaluations.
• Create a CISO-led Cryptography Steering Committee to evaluate new threats,
plan future upgrades, and update policies.

4. Rules and Protocols

4.1 Approved Algorithms and Protocols
• Implement only industry-standard approved encryption algorithms.
• Deprecated algorithms (MD5, SHA-1, DES) are prohibited.
4.2 Secure Key Handling
• Access to cryptographic keys is restricted to authorized staff with multi-factor
authentication.
• Keys must be rotated at least yearly and properly destroyed at the end of their
lifecycle.
• Keys must be created and stored using approved Hardware Security Modules
(HSMs).
4.3 Secure Data Handling
• In Transit: All sensitive transactions must be protected by TLS 1.2 or higher.
• At Rest: All customer financial data must be encrypted using AES-256 or
stronger.
• Mobile/Removable Media: Full-disk encryption must be enabled on company
mobile devices, portable drives, and laptops.

5. Responsibilities
• CISO: Monitors cryptography practices, approves standards, and ensures
alignment with strategy.
• IT Security Team: Implements encryption measures and conducts monitoring.
• Employees: Are required to follow encryption guidelines when accessing or
storing sensitive data.
• Cryptography Committee: Reviews risk and updates the cryptography roadmap
yearly.
6. Compliance and Enforcement
Failure to follow this policy will result in disciplinary action, up to and including
revocation of system access or termination of employment. Violations may also result
in suspension or cancellation of contractual agreements.
