allaboutgrc

GRC resources for IT, Cyber Security & Audit professionals

Top Stories
Security Risk Assessment Template (Qualitative)
August 9, 2025
What should be considered a “change”?
June 7, 2025
What is a “legacy application”?
May 18, 2025
ISO 27001 Gap and Maturity Assessment Templates
April 26, 2025
Websites to Track Security Breaches & Cyber Incidents
April 20, 2025
Security Maturity Benchmarks
April 1, 2025
How to get into GRC
November 24, 2024
Vulnerability Remediation: how fast should you patch?
November 24, 2024
Industry Benchmarks
November 3, 2024
Security Maturity of critical infrastructure operators in Germany, 2024
November 3, 2024
Risk Register Template for Information Security
November 1, 2024
Free CIS Critical Security Controls v8 course
October 13, 2024
SAP achieves NIST CSF Tier 3
October 7, 2024
NIST CSF’s popularity
October 6, 2024
CISO stress report
October 6, 2024
Insider Threat scenarios from Carnegie Mellon
September 30, 2024
GRC function’s budget: 1% of annual revenue
September 29, 2024
Free Risk Management courses from NIST
September 25, 2024
Recommended: an NIS2 webinar from Metricstream and Deloitte
September 25, 2024
Qualitative is still king
September 25, 2024
NIST CSF 2.0 Maturity Assessment
September 22, 2024
RBI’s IT and Security Requirements
September 22, 2024
GRC tools
September 22, 2024
DORA Gap Assessment Template
September 21, 2024
Posted in Featured, Information Security, Resources

Security Risk Assessment Template (Qualitative)

If you do Security Risk assessments of a qualitative nature in your organization, you could use this template for detailed risk documentation. It has pages for describing the risk, evaluating…
Posted by Arun Sivadasan August 9, 2025
Posted in Featured, Information Security, Resources

ISO 27001 Gap and Maturity Assessment Templates

Two useful resources for people working on ISO 27001 - a Gap Assessment and a Maturity Assessment template
Posted by Arun Sivadasan April 26, 2025
Posted in Career, Featured

How to get into GRC

One of the common questions that I get from people: how someone could get into Governance, Risk, and Compliance (GRC)
Posted by Arun Sivadasan November 24, 2024
Posted in Featured, Resources, Risk Management

Risk Register Template for Information Security

A comprehensive Excel-based Risk Register template to track all your Information Security risks.
Posted by Arun Sivadasan November 1, 2024
Posted in Featured, Resources

NIST CSF 2.0 Maturity Assessment

An easy-to-use tool to assess your organization's cybersecurity maturity using NIST's CSF 2.0 framework.
Posted by Arun Sivadasan September 22, 2024
Posted in Featured, Resources

RBI’s IT and Security Requirements

A comprehensive template that covers four regulations from the Reserve Bank of India on IT and cybersecurity.
Posted by Arun Sivadasan September 22, 2024
Posted in Featured, Solutions

GRC tools

A comprehensive, searchable list of GRC tools, compiled from multiple reliable sources. Hopefully you will find it useful and it will make your search easier.
Posted by Arun Sivadasan September 22, 2024
Posted in Featured, Resources

DORA Gap Assessment Template

A simple Excel template to assess compliance with the EU's Digital Operational Resilience Act (DORA).
Posted by Arun Sivadasan September 21, 2024
Posted in Career

Free CIS Critical Security Controls v8 course

A 50 min free course for beginners!
Posted by Arun Sivadasan October 13, 2024
Posted in Compliance, Information Security

SAP achieves NIST CSF Tier 3

The ERP giant makes a giant leap forward with security!
Posted by Arun Sivadasan October 7, 2024
Posted in Information Security, Statistics

NIST CSF’s popularity

NIST CSF is rising in popularity and it's the only real global competitor for ISO 27001. With version 2, this probably will only accelerate.
Posted by Arun Sivadasan October 6, 2024
Posted in Career, CISO

CISO stress report

Nominet's 2020 report shows how stressful the job is. Not very encouraging for aspiring CISOs.
Posted by Arun Sivadasan October 6, 2024
Posted in Information Security, Risk Management

Insider Threat scenarios from Carnegie Mellon

Some gems from CMU that are great for tabletop exercises and simulations.
Posted by Arun Sivadasan September 30, 2024
Posted in Organization

GRC function’s budget: 1% of annual revenue

And other interesting insights from LogicGate's 2024 GRC Strategies, Teams, and Outcomes report.
Posted by Arun Sivadasan September 29, 2024
Posted in Career, Risk Management

Free Risk Management courses from NIST

Four beginner courses from NIST and all free!
Posted by Arun Sivadasan September 25, 2024
Posted in Compliance, Curated

Recommended: an NIS2 webinar from Metricstream and Deloitte

A good resource for anyone who wants an intro to the NIS2 regulation
Posted by Arun Sivadasan September 25, 2024
Posted in Risk Management

Qualitative is still king

An IDC survey showed that 41% of respondents still used a qualitative approach for risk ranking.
Posted by Arun Sivadasan September 25, 2024

Copyright 2025 — allaboutgrc. All rights reserved.