Series
Governance Documentation
3 articles
Part 1
What's wrong with security governance documentation
Security governance documentation should steer security choices and tell you whether operations are effective. In practice, it does neither.
Part 2
From intention to impact: a four-layer model for security governance documentation
Four layers, four audiences, invariants at every level. A model for documentation that steers choices and tells you whether operations are effective.
Part 3
Governance as code
Your engineers define infrastructure as code. Your security governance lives in a Word document. The four-layer model makes it possible to close that gap.