Organizational Policy Review
Summary
Purpose
Guiding Questions
Operational Security
Preparation
Outputs
References and resources for Organizational Policy Review
-
Policy Templates Organizational Security Policies - Template (AccessNow; Available in English and Spanish)
-
Policy Templates Frontline Policies (Open Briefing, Available in English and Spanish). See also the associated Knowledge Base with directions on how to use the templates.
-
Policy Templates and Process SAFE AND DOCUMENTED FOR ACTIVISM (English, Spanish; focused on activist organizations)
-
Policy Templates Information Security Policy Templates (SANS)
-
Meta-Framework Cybersecurity Framework (NIST)
-
Guide: "Mitigation Recommendation" (NIST SP 800-115)
-
Overview: "How Is Risk Managed?" (An Introduction to Information System Risk Management)
-
Book: "Digging Deeper into Mitigations - p. 130" (Threat Modeling - Adam Shostack)[^shostack]
Organizational Policies:
Recommendation Development: