TOOLS & RESOURCES – STANDARDS & FRAMEWORKS

There is an increasing number of resources available to help organizations develop their cyber risk management programmes. These range from the well-known NIST series of standards from the US, to the lesser-known IT-Grundschutz guides from the German Federal Office for Information Security (BSI), to the Spanish Colección administración electrónica tools such as MAGERIT (Methodology for Information Systems Risk Analysis and Management). Even the UN has developed data security standards for autonomous vehicles, which may provide baseline data security guidelines for those working on autonomous object development.

The information, files and URLs provided here are intended only to guide viewers towards the various sources of information freely available when building the policies, procedures and frameworks relevant to enhancing cyber threat resilience. The list is neither exhaustive nor necessarily current.

Quantar’s goal is to enhance any organization’s capabilities in identifying, quantifying and managing cyber risks, and it collaborates with commercial and academic entities in developing appropriate software, systems, policies, procedures and frameworks towards that goal.

Where viewers are aware of other sources they believe would assist other organizations, we welcome contact at the address below so that we can update and/or add to the current list.

info@quantar.tech

Quantar:

GDPR Master Document & Record Checklist

ISO27001 Master Document & Record Checklist

https://quantar.tech/wp-content/uploads/2022/08/ISF01-Master-Document-and-Record-List.pdf

PILAR:

MAGERIT – version 3.0 Methodology for Information Systems Risk Analysis and Management: Book I – The Method

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management II – Catalogue of Elements

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management III – Techniques

IT-Grundschutz:

Guide to Basic Protection based on IT-Grundschutz – 3 Steps to Information Security

BSI-Standard 200-2 IT-Grundschutz Methodology

BSI-Standard 200-3 IT-Grundschutz Risk Analysis

BSI-Standard 100-4 – Business Continuity Management

IT-Grundschutz Toolkit

NIST

Security Considerations in the System Development Life Cycle

NIST Security and Privacy Control Collaboration Index Template Word Doc

NIST Security and Privacy Control Collaboration Index Template XLS

NIST sp800-53r5-control-catalog XLS

NIST Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework) 800-181 R1

NIST SP800 List of Publications

https://csrc.nist.gov/publications/sp800

FEDRAMP Documents & Templates

https://www.fedramp.gov/documents-templates/

MIKE 2: Method for an Integrated Knowledge Environment

http://mike2.openmethodology.org/wiki/Information_Governance_Solution_Offering

http://mike2.openmethodology.org/wiki/MIKE2:Solution_Offerings

COBIT 5

https://www.isaca.org/resources/cobit

American Institute of Certified Public Accountants (AICPA)

Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report

The Open Group

Open FAIR Model – The Open Group Standard Risk Analysis (O-RA), Version 2.0.1

COSO

COSO Internal Control Framework – Introductory training

COSO Internal Control — Integrated Framework Diagram

ISO/BSI

Guidelines for auditing management systems

Information technology — Security techniques — Information security risk management (Draft)

Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301 (Preview)

ISO 2700x Family of Standards

https://www.iso27001security.com/

PCI-DSS

Requirements and Security Assessment Procedures

PCI DSS Quick Reference Guide – Understanding the Payment Card Industry Data Security Standard version 3.2.1

PCI DSS v3.2.1 Template for Report on Compliance

OWASP

Software Assurance Maturity Model – Assessment Toolkit

Open-source vulnerability scanners and network tools:

https://www.greenbone.net/en/

https://www.openvas.org/

https://www.wireshark.org/

https://npcap.com/

https://nmap.org/zenmap/

https://www.paessler.com/tools

Open-source IDS:

https://suricata.io/

https://bricata.com/blog/what-is-bro-ids/

https://snort.org/

United Nations

E/ECE/TRANS/505/Rev.3/Add.154 – Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system