Policy and Procedure Research and References

by John Bandler

Monkeys typing a policy infographic 2022

I am researching policies and procedures, especially regarding information governance and cybersecurity. I am interested in written references, experiences, and practices.

I have done much work in this area and written on it already. Now I need to take it to the next level because I am building a course for InfoSec Skills on the topic, with a focus on information security and information management.

So, I am doing research to evaluate all helpful references and ideas.

1. What do you recommend?

I welcome your feedback on what references or thoughts you have.

  • Resources that are good (books, articles, etc.)
  • Methods and practices that work
  • Things to avoid

2. Here is my current research list

As I mentioned, I have done work in the area and have written on it already, so I am starting with my blog articles, then other works.

2.1 My existing articles

Here are my current articles and resources, which I have organized according to my concepts for organization and information security management, which include:

  • Three platforms to connect for legal compliance
  • Four platforms to connect for mission and compliance
  • Five components for creating policies (including the four platforms).

Links include:

2.2 External references

I want to make sure I have identified and researched any helpful external references. Here is a partial list, please let me know if you have additions.

2.2.1 Books on policies and procedures as a general matter (not specific to infosec)

  • Campbell, Nancy, Writing Effective Policies and Procedures: A Step-by-Step Resource for Clear Communication ✔
  • Brumby, Kirsten, How to Write Effective Policies and Procedures: The System that Makes the Process of Developing Policies and Procedures Easy ✓
  • Peabody, Larry, How to Write Policies, Procedures & Task Outlines: Sending Clear Signals in Written Directions ✓
  • Green, Scott M., Policy & Procedure System: A Demystification Guide ✓
  • Harris, Michelle, Policies and Procedures Manual: The Complete Manual ✓

2.2.2 Books on policies and procedures for information security, cybersecurity, data security, information technology

  • Landoll, Douglas J, Information Security Policies, Procedures, and Standards: A Practitioner's Reference ✔
  • Charles Cresson Wood, Information Security Policies Made Easy, Version 14 (V 14 has a hefty price tag of $795! I have an earlier version) ☐
  • Raggad, Bel G, Information Security Management, Concepts and Practice ✔
  • Peltier, Thomas, Information Security Policies and Procedures: A Practitioner's Reference, Second Edition ✓
  • Peltier, Thomas, Policies and Procedures for Data Security: A Complete Manual for Computer Systems and Networks ✓
  • Rauschendorfer, David, Complete Guide to Building An Information Security Program: Connecting Polices, Procedures, & IT Standards ✓

2.2.3 Articles on policies and procedures

Too many to list. Eventually I may list those I think are among the best. For now, I would like to hear what others think. I think mine are very good (see 2.1 above).

2.2.4 Best practices on policies and procedures

For now, I would like to hear what others think. I have already written on my thoughts and conceptualizations (Three Platforms, Fourth Platform, Internal Rules, ENTER, etc.).

2.2.5 Courses of study on policies and procedures

That is what I am building now with InfoSec Skills.

3. Conclusion and disclaimer

This page is a draft and work-in-progress. I am not endorsing any other materials at this point but merely compiling a list for further research. And of course this is not legal advice nor consulting advice.

4. Additional reading and references

Here are my main platforms and components for building and updating policies:

Posted to https://johnbandler.com/policy-and-procedure-references. Copyright John Bandler, all rights reserved.

Posted 3/21/2022. Updated 9/27/2022.
