Episode 184: Cybersecurity Policy Development as a Journey
In episode 184 of Cybersecurity Where You Are, Sean Atkinson sits down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member. Together, they discuss how Brock approaches cybersecurity policy development as a journey at his school.
Here are some highlights from our episode:
- 01:21. Brock's first attempt at drafting an IT security policy manual
- 04:17. Fact or fiction? How the best "written" security program doesn't always translate
- 06:35. A starting policy landscape of creating baselines for cybersecurity, ticketing, and more
- 08:40. How Brock learned about a roadmap for his school at ISAC Annual Meeting 2023
- 11:07. Lean and to the point: The second draft of Brock's IT security policy manual
- 12:37. The use of Center for Internet Security® (CIS®) policy templates to write procedures
- 19:34. How Brock used regular updates about his policy manual to secure stakeholder buy-in
- 28:42. Openness, willingness to fail, and adaptability as strengths of the community
- 31:49. Approaching cybersecurity policy development as an ever-changing journey
Resources
- CIS Critical Security Controls®
- Policy Templates
- Formalizing K-12 Cybersecurity Policies in Less Time
- Episode 163: K-12 Cybersecurity Made Practical
- Episode 176: A Cybersecurity Journey of Incremental Wins
- Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
- CIS SecureSuite® Membership
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.