Policies for the InfoSec industry

When: fri
Organizers Felicia Hislop Felicia Hislop

Policies provide a clear framework for an organistion to measure how it meets its strategies and obligations, whether these be regulatory, legal, people, security etc. This session will answer key questions about the develpoment and use of policies by IT Security teams.


Collaboration of ideas can make the development of policy frameworks and their use easier and more relevant to business.


  • What policies should a business have and for what purpose? (e.g. for GDPR, PCI, Physical and InfoSec, People etc.)
  • Which ones are standard across any business?
  • Which ones would the community like to share and why?
  • How to make the policy more than just a document? Do you create it based on your business today or where you would like it to get to? We will discuss the pros and cons of both approaches.


  • One page reference guide to policies best practice




Register as participant

To register as participant add Policies for the InfoSec industry to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions