Policy and Procedure Research (soon to be References)
by John Bandler
I am researching written resources regarding policies and procedures, especially regarding cybersecurity. I am also interested in experiences and practices.
I have done much work in this area, and written on it already, but now I need to take it to the next level.
So, I am doing research to evaluate all helpful references and ideas. My focus will be information security, cybersecurity, privacy, and related information governance issues. And good governance principles transcend departments.
Soon, I will start building a course about how to build great policies and procedures, with a focus on security.
1. What do you recommend?
I welcome your feedback on what references or thoughts you have.
- Resources that are good
- Methods and practices that work
- Things to avoid
2. Here is my current research list
As I mentioned, I have done work in the area and have written on it already.
2.1 My existing articles
Here are my current articles and resources.
- Policies, Procedures, and Governance of an Organization
- Policies and Procedures (and all other governance documents)
- Bandler's Three Platforms to Connect (external rules, internal rules, practice)
- Bandler's Fourth Platform to Connect (adding business needs and mission)
- Internal Rules (focusing on internal rules of organizations)
- Rules (laying out the concept of a "rule", in the context of an organization's internal rule, government rules, and more)
- Policy Checklist (a checklist for building, reviewing, and updating governance documents)
- Free Cybersecurity Policy (for very small organizations that cannot afford to hire anyone)
- Policy and Procedure Research and References (this article)
2.2 External references
I want to make sure I have identified and researched any helpful external references. Here is a partial list, please let me know if you have additions.
2.2.1 Books on policies and procedures as a general matter (not specific to infosec)
- Campbell, Nancy, Writing Effective Policies and Procedures: A Step-by-Step Resource for Clear Communication
- Brumby, Kirsten, How to Write Effective Policies and Procedures: The System that Makes the Process of Developing Policies and Procedures Easy ✓
- Peabody, Larry, How to Write Policies, Procedures & Task Outlines: Sending Clear Signals in Written Directions ✓
- Green, Scott M., Policy & Procedure System: A Demystification Guide ✓
- Harris, Michelle, Policies and Procedures Manual: The Complete Manual ✓
2.2.2 Books on policies and procedures for information security, cybersecurity, data security, information technology
- Landoll, Douglas J., Information Security Policies, Procedures, and Standards: A Practitioner's Reference
- Wood, Charles Cresson, Information Security Policies Made Easy, Version 14, listed at "Only $795" (ouch!) ☐
- Rauschendorfer, David, Complete Guide to Building An Information Security Program: Connecting Polices, Procedures, & IT Standards ☐
- Peltier, Thomas, Policies and Procedures for Data Security: A Complete Manual for Computer Systems and Networks ☐
- Peltier, Thomas, Information Security Policies and Procedures: A Practitioner's Reference, Second Edition ☐
2.2.3 Articles on policies and procedures
Too many to list. Eventually I may list those I think are among the best (I am going to list some of mine). For now, I would like to hear what others think.
2.2.4 Best practices on policies and procedures
For now, I would like to hear what others think. I have already written briefly on my thoughts and conceptualizations (Three Platforms, Fourth Platform, Internal Rules, ENTER, etc.).
3. Conclusion and disclaimer
This page is a draft and work-in-progress. I am not endorsing any other materials at this point but merely compiling a list for further research. And of course this is not legal advice nor consulting advice.
4. Additional reading
Please see above! Especially my shorter blog articles in Section 2.1.
Posted to https://johnbandler.com/policy-and-procedure-references. Copyright John Bandler, all rights reserved.
Posted 3/21/2022. Updated 5/19/2022.