PURPOSE OF THE CYBER SECURITY POLICY

WHML.ORG’s Cyber Security Policy has been developed to protect the organization’s information assets, defend against cyber threats, and prevent information security breaches. This policy defines the principles and practices required to ensure the security of WHML.ORG’s digital operations and the protection of users’ data.

SCOPE OF THE POLICY

This Cyber Security Policy covers all information systems, databases, networks, hardware, software, and associated information assets within WHML.ORG. In addition, all WHML.ORG employees, volunteers, members, business partners, and third-party service providers are obliged to comply with this policy.

INFORMATION SECURITY PRINCIPLES

Confidentiality: Information belonging to WHML.ORG must only be accessible by authorized personnel. Personal and sensitive information must be protected and secured against unauthorized access.

Integrity: The accuracy and integrity of information must be preserved. Unauthorized alteration or deletion of information must be prevented.

Availability: Information must be accessible to authorized users when needed. The continuity of information systems must be maintained.

CYBER SECURITY PRACTICES

Firewalls and Anti-Virus Software: WHML.ORG uses firewalls and up-to-date anti-virus software to protect its networks and systems.

Encryption: Data encryption techniques are used to ensure the security of sensitive information. Data is encrypted during transmission and storage.

Access Controls: Access to information systems is restricted to authorized personnel only. User accounts and access permissions are regularly reviewed.

Backup and Disaster Recovery: Regular backups are performed to ensure the continuity of information systems, and disaster recovery plans are established.

Security Training: WHML.ORG employees and volunteers receive regular training on information security to increase awareness.

CYBER THREATS AND RISK MANAGEMENT

Risk Assessment: WHML.ORG regularly assesses its information assets and the threats facing these assets. Risks identified through risk assessment are prioritized, and appropriate measures are taken.

Cyber Threat Intelligence: WHML.ORG utilizes cyber threat intelligence sources to gather up-to-date information on cyber threats and to be prepared for them.

Security Incident Management: WHML.ORG applies security incident management processes to detect, respond to, and report information security breaches and cyber attacks. Security incidents are handled quickly and effectively, and necessary measures are taken.

LEGAL AND REGULATORY COMPLIANCE

Data Protection Laws: WHML.ORG complies with national and international laws on the protection of personal data. It adheres to regulations such as the European Union General Data Protection Regulation (GDPR).

Cyber Security Standards: WHML.ORG designs and implements its information security management systems in accordance with internationally recognized standards (e.g., ISO/IEC 27001).

MONITORING AND AUDIT

Internal Audits: WHML.ORG regularly evaluates its information security management systems through internal audits. Internal audits are conducted to identify security gaps and determine opportunities for improvement.

External Audits: WHML.ORG validates its information security practices through external audits conducted by independent third parties. External audits assess WHML.ORG’s compliance with information security standards and effectiveness.

USER RESPONSIBILITIES

Compliance with Security Policies: Users must comply with WHML.ORG’s information security policies and procedures.

Password Security: Users must use strong and complex passwords and must not share their passwords with others.

Reporting Security Incidents: Users must immediately inform WHML.ORG’s security team if they detect any security breach or suspicious activity.

Applying Updates and Patches: Users must regularly apply updates and security patches to the software they use.