top of page
Donald E. Hester

Cybersecurity Policies Made Easy

People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use cybersecurity and information security interchangeably. Nearly always it is a loaded question, exactly what do they mean by policy? Cybersecurity documentation for organizations comes in many levels and is influenced by a number of internal and external sources. Within an organization, there may be four levels of cybersecurity documentation. I use the word documentation to encompass all four levels of documentation within an organization that direct staff, contractors, and others on approved activities.

Cybersecurity documentation can be confusing. What adds to the confusion is the inconsistent use of terminology and different synonymous terms for policies between organizations. To help dispel the confusi