allaboutgrc

NIST CSF’s popularity

NIST CSF is rising in popularity and it's the only real global competitor for ISO 27001. With version 2, this probably will only accelerate.

Arun Sivadasan October 6, 2024

Career CISO

CISO stress report

Nominet's 2020 report shows how stressful the job is. Not very encouraging for aspiring CISOs.

Arun Sivadasan October 6, 2024

Information Security Risk Management

Insider Threat scenarios from Carnegie Mellon

Some gems from CMU that's great for tabletop exercises and simulations

Arun Sivadasan September 30, 2024

Organization

GRC function’s budget: 1% of annual revenue

And other interesting insights from LogicGate's 2024 GRC Strategies, Teams, and Outcomes report.

Arun Sivadasan September 29, 2024

Career Risk Management

Free Risk Management courses from NIST

Four beginner courses from NIST and all free!

Arun Sivadasan September 25, 2024

Compliance Curated

Recommended: an NIS2 webinar from Metricstream and Deloitte

A good resource for anyone who wants an intro to the NIS2 regulation

Arun Sivadasan September 25, 2024

Risk Management

Qualitative is still king

An IDC survey showed that 41% respondents still used qualitative approach for risk ranking.

Arun Sivadasan September 25, 2024

Featured Resources

NIST CSF 2.0 Maturity Assessment

An easy to use tool to assess your organization's Cybersecurity Maturity using the NIST's CSF 2.0 framework.

Arun Sivadasan September 22, 2024

Resources

RBI’s IT and Security Requirements

Comprehensive template that covers four regulations from Reserve Bank of India on IT and cybersecurity

Arun Sivadasan September 22, 2024

Featured Solutions

GRC tools

A comprehensive, searchable list of GRC tools, compiled from multiple reliable sources. Hopefully you will find it useful and will make your search easier.

Arun Sivadasan September 22, 2024

ISO 27001 Gap and Maturity Assessment Templates

Websites to Track Security Breaches & Cyber Incidents

Security Maturity Benchmarks

How to get into GRC

Vulnerability Remediation: how fast should you patch?

Industry Benchmarks

Security Maturity of critical infrastructure operators in Germany, 2024

Risk Register Template for Information Security

Free CIS Critical Security Controls v8 course

SAP achieves NIST CSF Tier 3

NIST CSF’s popularity

CISO stress report

Insider Threat scenarios from Carnegie Mellon

GRC function’s budget: 1% of annual revenue

Free Risk Management courses from NIST

Recommended: an NIS2 webinar from Metricstream and Deloitte

Qualitative is still king

NIST CSF 2.0 Maturity Assessment

RBI’s IT and Security Requirements

GRC tools

DORA Gap Assessment Template

ISO 27001 Gap and Maturity Assessment Templates

Security Maturity Benchmarks

Risk Register Template for Information Security

NIST CSF 2.0 Maturity Assessment

NIST CSF’s popularity

CISO stress report

Insider Threat scenarios from Carnegie Mellon

GRC function’s budget: 1% of annual revenue

Free Risk Management courses from NIST

Recommended: an NIS2 webinar from Metricstream and Deloitte

Qualitative is still king

NIST CSF 2.0 Maturity Assessment

RBI’s IT and Security Requirements

GRC tools