4

Establishing Governance through Policy

Writing policies is hard; writing good policies is even harder.

In this chapter, we will introduce governance through policy. Documents outlining policies, standards, and procedures (PSPs) are an integral part of establishing governance in your organization. However, writing policy documents is just a small part of the overall policy document life cycle.

Once a policy document has been drafted, it must be presented to a policy steering committee and then signed off by someone in the C-suite. As this process unfolds, your overall maturity in cybersecurity will improve, which will move the organization upward in the tiers when it is scored against the NIST Cybersecurity Framework (CSF).

I had a ...

Get Executive’s Cybersecurity Program Handbook now with the O’Reilly learning platform.