<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Policy on Rishipal Yadav · not your CISO</title><link>https://rishipalyadav.github.io/tags/policy/</link><description>Recent content in Policy on Rishipal Yadav · not your CISO</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Rishipal Yadav</copyright><lastBuildDate>Mon, 01 May 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://rishipalyadav.github.io/tags/policy/index.xml" rel="self" type="application/rss+xml"/><item><title>Measuring the Integrated Cyber Attack Surface Across US County Government Networks</title><link>https://rishipalyadav.github.io/research/cyber-attack-surface-county-governments/</link><pubDate>Mon, 01 May 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/research/cyber-attack-surface-county-governments/</guid><description>&lt;p&gt;&lt;strong&gt;Institution:&lt;/strong&gt; University of Maryland — School of Public Policy&lt;br&gt;
&lt;strong&gt;Advisor:&lt;/strong&gt; &lt;a href="https://spp.umd.edu/our-community/faculty-staff/charles-harry" target="_blank" rel="noreferrer"&gt;Prof Charles Harry →&lt;/a&gt;, School of Public Policy, UMD College Park&lt;br&gt;
&lt;strong&gt;Period:&lt;/strong&gt; Fall 2022 – Spring 2023&lt;br&gt;
&lt;strong&gt;Full paper:&lt;/strong&gt; &lt;a href="https://osf.io/hf3sn/" target="_blank" rel="noreferrer"&gt;Read on OSF →&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;

&lt;h2 class="relative group"&gt;Summary
 &lt;div id="summary" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#summary" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;This research developed a methodology to measure and compare the integrated cyber attack surface of US county government networks — a sector that is often overlooked in cybersecurity policy discussions despite being responsible for critical local services.&lt;/p&gt;</description></item><item><title>ChatGPT Policy for Your Organisation: The CISO's Concern</title><link>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</link><pubDate>Sun, 09 Apr 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/chatgpt-policy-for-your-organisation-the-cisos-concern-dcc073fa161f" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;ChatGPT has been a buzzword for some time now. Be it a new product built on top of it or another capability announcement, just when you think the hype has peaked, something new drops. And through all of it, security teams have been quietly scrambling to figure out what their policy actually is.&lt;/p&gt;
&lt;p&gt;This is not a technical breakdown of how large language models work. This is a practitioner&amp;rsquo;s take on the questions a CISO — or anyone responsible for security — needs to answer before their organisation gets too comfortable with ChatGPT in the workflow.&lt;/p&gt;</description></item></channel></rss>