Policy and Procedure Research (soon to be References)

by John Bandler

Monkeys typing a policy infographic 2022

I am researching written resources regarding policies and procedures, especially regarding cybersecurity. I am also interested in experiences and practices.

I have done much work in this area, and written on it already, but now I need to take it to the next level.

So, I am doing research to evaluate all helpful references and ideas. My focus will be information security, cybersecurity, privacy, and related information governance issues. And good governance principles transcend departments.

Soon, I will start building a course about how to build great policies and procedures, with a focus on security.

1. What do you recommend?

I welcome your feedback on what references or thoughts you have.

  • Resources that are good
  • Methods and practices that work
  • Things to avoid

2. Here is my current research list

As I mentioned, I have done work in the area and have written on it already.

2.1 My existing articles

Here are my current articles and resources.

2.2 External references

Policy procedure infographic

I want to make sure I have identified and researched any helpful external references. Here is a partial list, please let me know if you have additions.

2.2.1  Books on policies and procedures as a general matter (not specific to infosec)

  • Campbell, Nancy, Writing Effective Policies and Procedures: A Step-by-Step Resource for Clear Communication ✔
  • Brumby, Kirsten, How to Write Effective Policies and Procedures: The System that Makes the Process of Developing Policies and Procedures Easy ✓
  • Peabody, Larry, How to Write Policies, Procedures & Task Outlines: Sending Clear Signals in Written Directions ✓
  • Green, Scott M., Policy & Procedure System: A Demystification Guide ✓
  • Harris, Michelle, Policies and Procedures Manual: The Complete Manual ✓

2.2.2  Books on policies and procedures for information security, cybersecurity, data security, information technology

  • Landoll, Douglas J, Information Security Policies, Procedures, and Standards: A Practitioner's Reference ✔
  • Charles Cresson Wood, Information Security Policies Made Easy, Version 14, listed at "Only $795" (ouch!) ☐
  • Rauschendorfer, David, Complete Guide to Building An Information Security Program: Connecting Polices, Procedures, & IT Standards ☐
  • Peltier, Thomas, Policies and Procedures for Data Security: A Complete Manual for Computer Systems and Networks ☐
  • Peltier, Thomas, Information Security Policies and Procedures: A Practitioner's Reference, Second Edition ☐

2.2.3  Articles on policies and procedures

Too many to list. Eventually I may list those I think are among the best (I am going to list some of mine). For now, I would like to hear what others think.

2.2.4 Best practices on policies and procedures

For now, I would like to hear what others think. I have already written briefly on my thoughts and conceptualizations (Three Platforms, Fourth Platform, Internal Rules, ENTER, etc.).

3. Conclusion and disclaimer

This page is a draft and work-in-progress. I am not endorsing any other materials at this point but merely compiling a list for further research. And of course this is not legal advice nor consulting advice.

4. Additional reading

Please see above! Especially my shorter blog articles in Section 2.1.

Posted to https://johnbandler.com/policy-and-procedure-references. Copyright John Bandler, all rights reserved.

Posted 3/21/2022. Updated 5/19/2022.