Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-security-GRC
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
https://github.com/Arudjreis/awesome-security-GRC
:chart_with_upwards_trend: Risk Management
Risk Management Tools & Packages
Risk Management Frameworks (RMF)
- COSO ERM Framework
- FAIR
- ISO/IEC JTC 1/SC 27
- ISO 31000
- ISO/TC 262
- NIST Risk Management Framework
- NIST Special Publications 800-53 revision 5 - [800-53B](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53B.pdf) describes the control baselines.
- Special Publication 800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
- Special Publication 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
- Special Publication 800-30 Rev. 1: Guide for Conducting Risk Assessments
- Special Publication 800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
- Special Publication 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations
- OCTAVE method
- Rapid Risk Analysis (RRA) methodology
- Threat Assessment and Remediation Analysis (TARA)
- ISO/AWI 31050 – Guidance for managing emerging risks to enhance resilience
- ISO/DIS 31073 Risk Management – Vocabulary
- ISO 31000 Risk management – Guidelines
- ISO 31000:2019 Risk Management – Risk Assessment Techniques
- ISO 31022:2020 Risk Management — Guidelines for the management of legal risk
- ISO/FDIS 31030 Travel Risk Management — Guidance for organizations
:iphone: Follow them on LinkedIn
:octopus: Frameworks and Regulations
- *Troy Fine*
- *AJ Yawn*
- *Minimalist Risk Management*
- *Aron Lange*
- *Jacob Horne*
- *Ayoub Fandi* - native GRC focus.
- *The SecureWorld Sessions*
- *Cloud Security Podcast*
:gun: Audit & Compliance
:octopus: Frameworks and Regulations
- SOX
- GDPR
- PCI-DSS
- HIPAA
- FedRAMP
- FISMA
- NIST SP 800-53 Rev. 5
- NIST SP 800-171 Rev. 2
- NIST CSF
- **Security Risk Management**, *Evan Wheeler*, 2011
- **Measuring and Managing Information Risk**, *Jack Freund & Jack Jones*, 2014
- **How to Measure Anything in Cybersecurity Risk**, *Douglas Hubbard & Richard Seiersen*, 2016
- **Transformational Security Awareness**, *Perry Carpenter*, 2019
- **Foundations of Information Security**, *Jason Andress*, 2019
- **ISO 27001 controls – A guide to implementing and auditing**, *Bridget Kenyon*, 2019
- **IT Auditing Using Controls to Protect Information Assets**, *Mike Kegerreis, Mike Schiller and Chris Davis*, 2019
- **A Leader's Guide to Cybersecurity**, *Thomas J. Parenty and Jack J. Domet*, 2019
- **Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment**, *Dan Blum*, 2020
- **The Cybersecurity Manager's Guide**, *Todd Barnum*, 2021
- great foundational talk
- 80 videos focused on Risk Management and Cyber Risk Quantification
- Quantitative Cyber Risk Analysis
- this one
- SOC2
:sunglasses: Thought Leaders
- **Part 2**
- ***Ryan McGeehan***
- *waaaay*
- ***Phil Venables***
- *Compliance vs. Security*
- Common Control Framework
- introduced scalability by creating **four major roles** - [**Enabling compliance and governance at scale in a multi-cloud environment**](https://medium.com/adobetech/enabling-compliance-and-governance-at-scale-in-a-multi-cloud-environment-82847ba5d341)
- Part I and Part II (the Common Controls Framework). Adobe, as a major SaaS provider, has to have a Tech GRC program that scales accordingly, and these two articles introduce the **4-layer model** used to automate security compliance
- **Strategic Technology Initiatives** - read
- this podcast
- **DevOps vs. Compliance, A Guide to Having it All**
- **Part 1**
- **Part 3**
- **Part 4** - edge approach to auditors and why agility and compliance CAN live in harmony :)
Security GRC Podcasts
- *Risk, Governance and Cyber Compliance* - Hosted by Dr. Bill Souza
- *The GRC Podcast* - Hosted by Mark Graziano
Security GRC Episodes
- **Is Governance the Most Important Part of GRC?**, *Defense in Depth Podcast* - Featuring David Spark, Allan Alford and special guest Mustapha Kebbeh (CISO, Brinks)
- **Should Risk Lead GRC?**, *Defense in Depth Podcast* - Featuring David Spark, Allan Alford and special guest Marnie Wilking (Head of Security and Technology Risk Management, Wayfair)
- **IT Governance**, *CISO Tradecraft Podcast* - Featuring G Mark Hardy and Ross Young
- **Cyber Frameworks**, *CISO Tradecraft Podcast* - Featuring G Mark Hardy and Ross Young
- the only resource you'll need
- **Getting Over Our "Security ≠ Compliance" Obsession**, *CISO-Security Vendor Relationship Podcast* - Featuring David Spark, Mike Johnson and special guest Chris Hymes (Head of Infosec, Riot Games)