Policies, Programs, and Procedures, Oh My!

Despite the apparent ubiquity of policy, program, and procedural documents in cybersecurity programs, the simple truth is that far too many companies do them incorrectly and incompletely. The problem is further exacerbated when it comes to creating documents that navigate and satisfy the complex interactions between practical execution, technology infrastructure oversight, risk management, and the ability for them (and their work products) to satisfy regulatory and compliance requirements. In this session, the presenter will share examples of the good, the bad, and the ugly, and discuss different practical ways to make documentation manageable, compliant, and auditable. The session will be an open discussion – attendees are even encouraged and welcomed to bring their own examples to share with the group (properly redacted).