Scanning the Policy and Governance domain
We would like to explore which practices in the policy and governance domain have significant impact on security and privacy. We are interested in practices which are related to organisational policies, jurisdictional context and governance of software development projects.
We've put together a short starter list of domains of practice for review and discussion which includes:
This starter list covers overlapping dimensions, and is full of gaps but we hope that this discussion thread can help complete and refine it. Our aim is to regularly summarise the conversation on our website and shared understanding of the various important aspects of the space, which will guide or claims and measurement gathering efforts.