Maintain and Improve Bandler's Cybersecurity Program Yourself

Improve Your Existing Implementation of Bandler's DIY Cybersecurity Program

By John Bandler

In this page we assume your organization has already adopted and implemented Bandler's Cybersecurity Program, as outlined in my other article. If you haven't, the article below doesn't apply to you yet.

Now we talk about how you maintain and improve your cybersecurity program.

Cybersecurity is a process of continual improvement. You can never stop, and it takes years to build a culture of good management and good practices for your cybersecurity program.

1. First, build (create) your existing cybersecurity program - following Bandler's templates

You should have done this already, before proceeding with this article. I cover what Bandler's Cybersecurity Program is here, and how to build it yourself here, so we won't discuss it much in this article. Perhaps you engaged me to build your program but don't have the resources to hire me to continue improving it each year.

The purpose of this article is the next item: reviewing and improving what you already have.

2. Improve your existing cybersecurity program

You are maintaining and improving the cybersecurity program of your organization, which follows my general structure and template. You manage your program yourself, making your own decisions about your own cybersecurity.

Periodically (at a minimum, annually) you should review these items and look for improvement.

As you review, your focus is on three main goals: (1) protect from cybercrime, (2) comply with legal requirements, and (3) improve efficiency and the management of information systems.

As you review cybersecurity, your focus is as laid out in the policy: the three objectives of cybersecurity (confidentiality, integrity, availability), each weighed appropriately for your organization.

Cybersecurity is never "done" but instead is a process of continual improvement. Good organizations work to continually improve their cybersecurity, how they manage information assets, and other areas of management and operations.

2.1 Review your cybersecurity policy and see my Cybersecurity Policy (Free Version)

Periodic review of your written documentation (cybersecurity policy, etc.) is a chance to ensure you are following it and look for improvements to policy and practice.

My online version may have updates that you want to incorporate.

I continually improve my template policy and incorporate new work on cybersecurity, though these updates are relatively minor from year to year. I make it better and I like it more, but the changes are minor in comparison to other important aspects of how you manage your cybersecurity program.

2.2 Make sure someone is still in charge of cybersecurity in your organization

Someone needs to be responsible or things will not get done. Review who that is and how much time they are spending.

This cannot be their full-time job (for most small or mid-sized organizations), but it is an additional and important duty on which they must spend a reasonable amount of time.

Further, every employee needs to know that cybersecurity is their responsibility.

Ultimately, cybersecurity is the responsibility of the organization's top management (president, CEO, board of directors, owner, etc.), but they need to put an individual in charge and give that person the necessary resources and supervision.

2.3 Train every organization member on cybersecurity and your rules for cybersecurity

Every employee needs to know that cybersecurity is their responsibility, and needs to know the organization's rules about it (including the policy). A policy only has meaning if people know it and follow it.

Employees should receive some type of training annually, at a minimum.

Look for my materials: articles, videos, and other resources.

2.4 Look for areas of improvement, starting with priority "low hanging fruit"

Look through the policy, your practices, and other guidance for priority areas of improvement.

Learn any terms or concepts you may not properly understand yet. (For example, if you do not know what "two-factor authentication" means, you cannot tell whether you are implementing it properly.)

Focus on those three main goals: (1) protect from cybercrime, (2) comply with legal requirements, and (3) improve efficiency and the management of information systems.

Prioritize things such as:

  • Easy, low-input improvements that make a positive (if small) difference
  • Critical decisions or implementations that greatly affect security (e.g., implementation of 2FA)
  • Learning more about your systems, assets, and configurations

3. Yes, DIY is possible

Yes, you can do this. DIY is possible. Every organization needs an effective cybersecurity program, and then needs to maintain, review, and improve it. That is clear.

Many organizations are small and have limited resources. They do not have a full-time information security employee, much less a chief information security officer (CISO) with staff. Most organizations don't even have a full-time information technology employee. Some cannot afford to hire an expert even for a small project.

Yet they still need to manage their information technology and security, even (and especially) as they hire outside vendors for IT-related services.

My resources on this website will help you, as will my 2017 book and my future book on cybersecurity (coming in 2026, I hope).

4. Appreciate my free resources?

If you appreciate the free resources I am providing, please consider the thoughts in my article Give Forward or Give Back.

6. My services

If you need help, or if there are things you don't fully understand or worry you are missing, I offer services to help move you forward, including hourly consults and fixed-fee defined engagements.

We can make sure you have the basics in place and look for priority improvements, including (1) documentation, (2) initial training, and (3) high-priority initial improvements.

7. Disclaimers and terms

See all my disclaimers and terms on my free cybersecurity policy and for this website.

Summarized briefly: information governance, cybersecurity, cybercrime protection, and compliance are challenging. You assume all risks, I have no liability, and I retain all of my intellectual property rights.

This DIY method is exactly what it is, and no more. It is a DIY method for building your own cybersecurity program, recognizing that many small organizations lack the resources for professional assistance, even for an hourly consult. It is not a magic, effortless solution, nor is it a substitute for expertise in information technology and cybersecurity.

This is my gift to you. You agree not to sue me no matter what harms befall you, and you might even give back.

8. Additional links

This page is hosted at https://johnbandler.com/bandlers-cybersecurity-program. Copyright John Bandler, all rights reserved.

Page posted 10/22/2025. Updated 11/09/2025