How to manage and document decisions
from wop@infosec.pub to cybersecurity@infosec.pub on 21 Sep 12:24
https://infosec.pub/post/17850546

Big or small, we make decisions every day. Rules, policies, processes, templates, etc.

How do you document the process and results of your decision making and track changes?

To give you some background, a lot of departments discuss certain topics every two weeks, but nothing is written down - it takes a lot of time and worse, some decisions change every two weeks.

I’ve been trying to fight this battle with OneNote atm and was inspired by some software change management frameworks (wild mix of things):

Each decision/problem gets a new page.

Still a work in progress, but it is a mix of RFC, ADR, and some other frameworks.

How do you handle that?

#cybersecurity

threaded - newest

Nomecks@lemmy.ca on 21 Sep 14:11 collapse

It sounds like you’re working towards building change management governance, and you are potentially looking for an enterprise resource planner “ERP”. ServiceNow, Atlassian and Oodo are a few examples of these. CIO/CISO/Enterprise Architecture and IT Business organization consultants are some of the likely personas to help get this set up correctly.

Depending on the size of your shop, and since this is in cybersecurity, you may want to look at your overall IT governance structure. Gaps in your governance can lead to some big security and GRC holes and the lens of cybersecurity is the right view to drive change.

wop@infosec.pub on 22 Sep 12:41 collapse

I’ll look into it! Appreciate it, Cheers