Cynation’s Shadi Razak at TechUK – How to write an information security policy1 min read

On Friday, June 3rd, CyNation delivered a well received training at Tech UK on how to write an information security policy. The course covered the main misconceptions companies, and those responsible, have when it comes to writing their policies.

One common mistake is the often adopted bottom up approach, trying to patch various policies together, instead of taking a top to bottom approach, establishing key objectives and then breaking it down into detailed policies. The course also explored various methods of writing a security policy such as the bullseye and 10 step method. Many other topics were discussed, i.e. how often policies should be reviewed and updated and how companies can ensure that policies are actually read and understood – the hardest bit.

We thank attendants for their active contributions and the good feedback we received.

Look out for more lectures from CyNation.