Policy & Compliance
- Documentation for OpenSCAP Base
- Cloud Controls Matrix Working Group
- Penetration Testing Shouldn't be a Waste of Time - Jim Bird
- California S.B. 1386 - Wikipedia https://www.auditscripts.com/training/
FATF blacklist - Wikipedia
- The FATF blacklist was the common shorthand description for the Financial Action Task Force list of "Non-Cooperative Countries or Territories" (NCCTs) issued since 2000, which it perceived to be non-cooperative in the global fight against money laundering and terrorist financing.
- Security Assessment Guidelines for Financial Institutions
- SWIFT Customer Security Programme
- SWIFT Customer Security Controls Framework
- Sheltered Harbor FAQ
- FATF blacklist - Wikipedia
- Insider Threat
- ISO/IEC 27001 - Wikipedia
ISO/IEC 27000 family - Information security management systems
- The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
NIST Special Publication 800-series - General Information
- Publications in NIST’s Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems. NIST develops SP 800-series publications in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. Created in 1990, the series reports on the Information Technology Laboratory’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
- NIST Special Publication 800-series - General Information
- Notable Malicious Occurances
Goodhart's Law - Wikipedia
- Goodhart's law is an adage named after economist Charles Goodhart, which has been phrased by Marilyn Strathern as: "When a measure becomes a target, it ceases to be a good measure." One way in which this can occur is individuals trying to anticipate the effect of a policy and then taking actions which alter its outcome.
- Goodhart's Law - Wikipedia
- Vendor Security
- NICE Cybersecurity Workforce Framework - NICCS.us-cert.gov
- Security and Privacy Controls forFederal Information Systemsand Organizations - NIST-800-53
- NIST Cybersecurity Practice Guide, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
SP 800-115: Technical Guide to Information Security Testing and Assessment
- Technical Guide to Information Security Testing and Assessment - NIST-800-115 - PDF
- The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. These can be used for several purposes, such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. The guide is not intended to present a comprehensive information security testing and examination program but rather an overview of key elements of technical security testing and examination, with an emphasis on specific technical techniques, the benefits and limitations of each, and recommendations for their use.
- Information Security Risk Assessment Guidelines - mass.gov
- NIST Special Publication 800 -46 Revision 2 - Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security