How to manage and document decisions (infosec.pub)

submitted 1 month ago* (last edited 1 month ago) by wop@infosec.pub to c/cybersecurity@infosec.pub

2 comments fedilink hide all child comments

Big or small, we make decisions every day. Rules, policies, processes, templates, etc.

How do you document the process and results of your decision making and track changes?

To give you some background, a lot of departments discuss certain topics every two weeks, but nothing is written down - it takes a lot of time and worse, some decisions change every two weeks.

I've been trying to fight this battle with OneNote atm and was inspired by some software change management frameworks (wild mix of things):

Each decision/problem gets a new page.

What is the question/problem?
Why is this decision necessary?
What are the pros and cons?
Which departments need to be involved? What is the scope? (department, site, country, continent, international, etc.)
What are the alternatives and consequences of not implementing?
plus changelog
plus metadata, such as parties involved, who proposed it, dates, etc.

Still a work in progress, but it is a mix of RFC, ADR, and some other frameworks.

How do you handle that?

you are viewing a single comment's thread
view the rest of the comments

[-] wop@infosec.pub 2 points 1 month ago

I'll look into it! Appreciate it, Cheers

this post was submitted on 21 Sep 2024

20 points (95.5% liked)

cybersecurity

3194 readers

9 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub