TOOLS & RESOURCES – STANDARDS & FRAMEWORKS
There is an increasing number of resources available to assist organizations in developing their cyber risk management programmes. These extend from the well-known NIST series of standards from the US, to the lesser-known IT-Grundschutz guides from the German Federal Office for Information Security, or the Spanish Colección administración electrónica tools such as MAGERIT (Methodology for Information Systems Risk Analysis and Management). Even the UN has data security standards developed for autonomous vehicles, which may provide baseline data security guidelines for those working on autonomous object developments.
The information, files and URLs provided here are only intended to guide viewers towards the various sources of information freely available when building the relevant policies, procedures and frameworks for enhancing cyber threat resilience. The list is not exhaustive, nor necessarily current.
Quantar’s goal is to enhance any organization’s capabilities in identifying, quantifying and managing cyber risks; it collaborates with commercial and academic entities in developing appropriate software, systems, policies, procedures and frameworks with this goal as the objective.
Where viewers are aware of other sources they believe would assist other organizations, we welcome contact at the address below in order to update and/or add to the current list.
Quantar:
GDPR Master Document & Record Checklist
ISO27001 Master Document & Record Checklist
https://quantar.tech/wp-content/uploads/2022/08/ISF01-Master-Document-and-Record-List.pdf
PILAR:
MAGERIT – version 3.0 Methodology for Information Systems Risk Analysis and Management: Book I – The Method
MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management II – Catalogue of Elements
MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management III – Techniques
IT-Grundschutz:
Guide to Basic Protection based on IT-Grundschutz – 3 Steps to Information Security
BSI-Standard 200-2 IT-Grundschutz Methodology
BSI-Standard 200-3 IT-Grundschutz Risk Analysis
BSI-Standard 100-4 – Business Continuity Management
IT-Grundschutz Toolkit
NIST
Security Considerations in the System Development Life Cycle
NIST Security and Privacy Control Collaboration Index Template Word Doc
NIST Security and Privacy Control Collaboration Index Template XLS
NIST sp800-53r5-control-catalog XLS
NIST Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework) 800-181 R1
NIST SP800 List of Publications
https://csrc.nist.gov/publications/sp800
FEDRAMP Documents & Templates
https://www.fedramp.gov/documents-templates/
MIKE 2: Method for an Integrated Knowledge Environment
http://mike2.openmethodology.org/wiki/Information_Governance_Solution_Offering
http://mike2.openmethodology.org/wiki/MIKE2:Solution_Offerings
COBIT 5
https://www.isaca.org/resources/cobit
American Institute of Certified Public Accountants (AICPA)
Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report
The Open Group
Open FAIR Model – The Open Group Standard Risk Analysis (O-RA), Version 2.0.1
COSO
COSO Internal Control Framework – Introductory training
COSO Internal Control — Integrated Framework Diagram
ISO/BSI
Guidelines for auditing management systems
Information technology — Security techniques — Information security risk management (Draft)
Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301 (Preview)
ISO2700X Family of Patents
https://www.iso27001security.com/
PCI-DSS
Requirements and Security Assessment Procedures
PCI DSS Quick Reference Guide
Understanding the Payment Card Industry Data Security Standard version 3.2.1
PCI DSS v3.2.1 Template for Report on Compliance
OWASP
Software Assurance Maturity Model – Assessment Toolkit
Open-source Vulnerability Scanners:
https://www.paessler.com/tools
Open-source IDS:
https://bricata.com/blog/what-is-bro-ids/
United Nations
E/ECE/TRANS/505/Rev.3/Add.154 – Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system