TOOLS & RESOURCES – STANDARDS & FRAMEWORKS

There are an increasing number of resources available to assist organizations developing their cyber risk management programmes. These extend from the well-known NIST series of standards from the US, to the lesser-known IT-Grundschutz guides from the German Federal Office for Information Security, or the Spanish Colección administración electronic tools such as MAGERIT(Methodology for Information Systems Risk Analysis and Management). Even the UN has data security standards developed for autonomous vehicles, which may provide baseline data security guidelines for those working within autonomous object developments.

The information, files and URL’s provided here are only intended to guide viewers towards the various sources of information freely available when building the relevant policies, procedures and frameworks for enhancing cyber threat resilience. The list is not exhaustive, nor necessarily current.

Quantar’s goal is to enhance any organizations’ capabilities in identifying, quantifying and managing cyber risks and collaborates with commercial and academic entities in developing appropriate software, systems, policies, procedures and frameworks with this goal as the objective.

Where viewers are aware of other sources they believe would assist other organizations, we welcome contact at the address below in order to update and/or add to the current list.

info@quantar.tech

Quantar:

GDPR Master Document & Record Checklist

REC_2.8-MASTER-DOCUMENT-AND-RECORD-LIST-6th-May-2018Download

ISO27001 Master Document & Record Checklist

https://quantar.tech/wp-content/uploads/2022/08/ISF01-Master-Document-and-Record-List.pdf

PILAR:

MAGERIT – version 3.0 Methodology for Information Systems Risk Analysis and Management: Book I – The Method

MAGERIT_v_3_-book_1_method_PDF_NIPO_630-14-162-0Download

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management II – Catalogue of Elements

cat-en-v11Download

MAGERIT – version 2 Methodology for Information Systems Risk Analysis and Management III – Techniques

tech-en-v11Download

IT-Grundschutz:

Guide to Basic Protection based on IT-Grundschutz – 3 Steps to Information Security

BIS-STandard-Basic_SecurityDownload

BSI-Standard 200-2 IT-Grundschutz Methodology

bsi-standard-2002_en_pdfDownload

BSI-Standard 200-3 IT-Grundschutz Risk Analysis

bsi-standard-2003_en_Risk_AnalysisDownload

BSI-Standard 100-4 – Business Continuity Management

standard_100-4_e_BCMDownload

IT-Grundschutz Toolkit

bsi_it_gs_comp_2021_krtDownload

NIST

Security Considerations in the System Development Life Cycle

nistspecialpublication800-64r2Download

NIST Security and Privacy Control Collaboration Index Template Word Doc

sp800-53-collaboration-index-templateDownload

NIST Security and Privacy Control Collaboration Index Template XLS

sp800-53-collaboration-index-templateDownload

NIST sp800-53r5-control-catalog XLS

sp800-53r5-control-catalogDownload

NIST Reference Spreadsheet for the Workforce Framework for Cybersecurity  (NICE Framework) 800-181 R1

NIST-supplement_nice_specialty_areas_and_work_role_ksas_and_tasksDownload

NIST SP800 List of Publications

https://csrc.nist.gov/publications/sp800

FEDRAMP Documents & Templates

https://www.fedramp.gov/documents-templates/

MIKE 2: Method for an Integrated Knowledge Environment

http://mike2.openmethodology.org/wiki/Information_Governance_Solution_Offering

http://mike2.openmethodology.org/wiki/MIKE2:Solution_Offerings

COBIT 5

https://www.isaca.org/resources/cobit

American Institute of Certified Public Accountants (AICPA)

Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

aicpa-trust-services-criteriaDownload

Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report

soc2Download

The Open Group

Open FAIR Model – The Open Group Standard Risk Analysis (O-RA), Version 2.0.1

OPEN-FAIR-Model-V2Download

COSO

COSO Internal Control Framework –Introductory training

COSO-IC-Framework-5May2020-ICAIDownload

COSO Internal Control — Integrated Framework Diagram

COSO-ICIF-11×17-CUBE-GRAPHICDownload

ISO/BSI

Guidelines for auditing management systems

BS-EN-ISO-19011-2011Download

Information technology — Security techniques — Information security risk management (Draft)

ISO-IEC-27005-2018Download

Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301 (Preview)

Preview_ISO22313-2020Download

ISO2700X Family of Patents

https://www.iso27001security.com/

PCI-DSS

Requirements and Security Assessment Procedures

PCI_DSS_v3-2-1Download

PCI DSS Quick Reference Guide
Understanding the Payment Card Industry Data Security Standard version 3.2.1

PCI_DSS-QRG-v3_2_1Download

PCI DSS v3.2.1 Template for Report on Compliance

PCI-DSS-v3_2_1-ROC-Reporting-TemplateDownload

OWASP

Software Assurance Maturity Model – Assessment Toolkit

OWASP-SAMM_Assessment_Toolbox_v2.0Download

Opensource Vulnerability Scanners:

https://www.greenbone.net/en/

https://www.openvas.org/

https://www.wireshark.org/

https://npcap.com/

https://nmap.org/zenmap/

https://www.paessler.com/tools

Opensource IDS:

https://suricata.io/

https://bricata.com/blog/what-is-bro-ids/

https://snort.org/

United Nations

E/ECE/TRANS/505/Rev.3/Add.154 – Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system

United-Nations-R155eDownload