Developing Policies

---

• Cybersecurity managers should align policy development with any existing mechanisms within the organization
  • makes it easier for the initiative to gain traction

Key Principles for Policy Development

• Obtain input from all relevant stakeholders
  • gather perspectives from all team leaders involved
• Follow the chain of command
  • knowledge of the organizational structure is essential for success
  • be aware of formal governance lines of authority and informal mechanisms for getting things done
• Accommodate the organizational culture
  • create policies that fit the organization and the tone from leaders
• Meet internal and external requirements
  • do not contradict:
    • internal governance processes
    • external laws and regulations
• once drafted, move through the policy approval mechanism