Best Practices


Time: 38 minutes
Difficulty: Intermediate
CEU/CPE: 4

Video Description

This lesson wraps up our section on policy. Instructor Kelly Handerhan will leave you with some practical suggestions that should make your policy writing much more effective and easily understood, which will only enhance compliance.

- Less is more; don't "over-write"
- Know your audience and write to their level
- Always keep the subject/verb close together
- Use the "active voice" when possible; it is more directive and implies ownership
- Make it professional: be consistent in the use of font and styles

Always include an introduction in which you make your case and present the business justification for that particular policy. Always attain sign-off from employees.

Video Transcription
00:04
Okay, so in wrapping up our section on policy, just wanted to leave you with some practical suggestions. And I think the first one is very, very helpful. Less is more. So ultimately, keep your policies straightforward. Don't have them be too verbose, too wordy. Keep them clear and through the
00:23
to the point,
00:24
make your wording clear. You know, with policies, policies should be mandatory. So watch words like "should." You know, instead, try to use "shall." You know, "should do this" versus "you shall do this." And your organization may have its own language,
00:42
uh, you know, preferences that you used, but make it very clear what is mandatory and what is not.
00:47
And again, we want to make sure we address compliance in relation to our policies as well.
00:52
Um, know your audience and write to their level. So it's very important that we understand, um,
01:00
our organization, our organizational culture, who our people are, and making sure that we're writing in a manner that is conducive to them understanding. Keep subject and verb close together. And that's just, you know, kind of, ah,
01:18
ah, there's an English 101 idea for me. But when you're writing these policies you want, you want them to flow. You want it to be very clear what the directives are. So, you know, splitting eso these phrases and ah, uh, you just want to be very direct,
01:37
so subject and verb close together.
01:40
Use active voice when you're creating your policies rather than passive.
01:47
You know, uh, and then there's an example of passive versus active, but active, it really, it assigns and says, "This is what we're going to do."
01:55
Be very professional with your policy: good grammar, spell check, and all of those good things. And then, um,
02:02
to make your policies more understandable and more relevant, make sure you include a business case and you explain to your voice why these elements are important. Doesn't have to be a 20-page justification, but ultimately to make sure that we maintain legal compliance,
02:21
to serve our customers best, whatever those may be,
02:23
we want to make sure that employees understand what we're trying to accomplish and why we're doing. Okay, so ultimately that's going to wrap up our section on policies, procedures, standards and guidelines. And then we'll move forward into the next chapter, where we'll be talking about the technology itself.