TL;DR;: Help!. Do you have tips writen policies or examples of good #cybersecurity policies you could share?
Please #boost for reach.
Long:
A #Confession
I really struggle with writing #cybersecurity #policies
I feel caught between writing them for #Compliance (easy evidence that it is followed), prescriptiveness (telling "everyone" what they need to do), usability (adapted to real life usage and followable), risk appetite (which is so different depending who you ask and depending on the context) and "security" (related to risk appetite, what is it anyway ðĪŠâ).
And, to make matters worse I'm not an expert on all topics I'm asked to write policies for.
AND they shouldn't require frequent change ð
From what I see (there are so many bad policies around) I don't seem to be the only one ð
Help, stories, example, ... to help me (or others) writing better policies greatly appreciated.
Claudius Link /
npub1d0âĶ8mxth
2023-10-23 10:10:22
Author Public Key
npub1d0h84ekh94dwk920w4sthphxcvwxchcw93hskczekmvyjewhk7rqf8mxthSeen on
wss://relay.nostr.bandPublished at
2023-10-23 10:10:22Event JSON
{
"id": "af12a8592aba6f63da42f8d44c42fde8c119534776a55dd821181fd467203f9f",
"pubkey": "6bee7ae6d72d5aeb154f7560bb86e6c31c6c5f0e2c6f0b6059b6d84965d7b786",
"created_at": 1698055822,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"boost"
],
[
"t",
"confession"
],
[
"t",
"policies"
],
[
"t",
"compliance"
],
[
"proxy",
"https://infosec.exchange/users/realn2s/statuses/111283786390153314",
"activitypub"
]
],
"content": "TL;DR;: Help!. Do you have tips writen policies or examples of good #cybersecurity policies you could share?\n\nPlease #boost for reach.\n\nLong:\nA #Confession \n\nI really struggle with writing #cybersecurity #policies \n\nI feel caught between writing them for #Compliance (easy evidence that it is followed), prescriptiveness (telling \"everyone\" what they need to do), usability (adapted to real life usage and followable), risk appetite (which is so different depending who you ask and depending on the context) and \"security\" (related to risk appetite, what is it anyway ðĪŠâ).\n\nAnd, to make matters worse I'm not an expert on all topics I'm asked to write policies for.\nAND they shouldn't require frequent change ð \n\nFrom what I see (there are so many bad policies around) I don't seem to be the only one ð \n\nHelp, stories, example, ... to help me (or others) writing better policies greatly appreciated.",
"sig": "e4bee69f28ee7cb1acd5901b998ffa120fe1f6d5340d476f9f20e9d94f214106629188dfba3972e8d831ada3e86d2ba69f4818426b057289c4360015b61768b7"
}