Posted in Information Security
C-I-A Score Calculator Tool
A demo tool to show how to practically use the CIA triad to rate an asset.
Posted in Information Security Resources Risk Management
Security Risk Assessment Template (Qualitative)
If you do Security Risk assessments of a qualitative nature in your organization, you could use this template for detailed risk documentation. It has pages for describing the risk, evaluating…
Posted in Information Security
What should be considered a “change”?
The legendary Ron Ross gives some guidance.
Posted in Governance
What is a “legacy application”?
Four criteria that can be used to classify something as "legacy".
Posted in Featured Information Security Resources
ISO 27001 Gap and Maturity Assessment Templates
Two useful resources for people working on ISO 27001 - a Gap Assessment and a Maturity Assessment template
Posted in Information Security Resources
Websites to Track Security Breaches & Cyber Incidents
List of websites where you can find information about security breaches
Posted in Information Security Statistics
Security Maturity Benchmarks
Benchmarks of other companies and industries are very useful to GRC professionals. It is a good indicator to see how leaders, competitors, and the industry overall are positioned in terms…
Posted in Career
How to get into GRC
One of the common questions that I get from people: how someone could get into Governance, Risk, and Compliance (GRC)
Posted in Information Security Statistics
Vulnerability Remediation: how fast should you patch?
A collection of statistics I gathered from the Internet on vulnerability remediation timelines.




