4-Year Mapping of NIST CSF, CIS CSC 20, and ISO 27001

This four-year plan assumes you are in a hypothetical state, starting with zero security controls in place.  It assumes your goal is to fulfill the NIST CSF v1.1 framework, with an eventual goal of achieving ISO 27001:2013 compliance.  To get you there, it starts you with the CIS CSC 20v7 controls.


This work is free to use for any purpose and is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License.


This is very much a work in progress, and may contain inaccuracies.


Current version is DRAFT v0.3


For feedback, support or questions, please use the Contact page

Business Impact Analysis Lite Calculator

This is a lightweight Business Impact Analysis tool that starts with a business process or asset, and then focuses on the information technology that supports that process or asset.  What is being assessed is the outage of the business process or the loss of the asset, and factors such as brand damage are taken into account.  The idea is to weigh each process or asset using this calculator and to tally the scores.  NOTE: the math behind the point system WILL need to be tweaked depending upon the size and type of your business.  Brand damage may be more significant to your organization than the weighted points I allocate by default.  Additionally, revenue-related numbers might need to be adjusted.  Once tweaking is complete, using this calculator consistently will generate consistent scores.  Those scores can be used to determine your highest-priority business processes for Disaster Recovery, Business Continuity, Risk Management, etc.


This work is free to use for any purpose and is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License.


Current version is v1.2


For feedback, support or questions, please use the Contact page

Information Security Practices for Developers

This document is aimed at new developers and veteran developers who want to better understand secure coding principles and practices.  Example configurations and code snippets (.NET) are included, as well as pointers to a variety of security tools.


As with any document that contains code snippets and configuration detail, deprecation is a risk.  Such details in this document were current as of 2017 and will be revised periodically.


This work is free to use for any purpose and is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License.


Current version is v3.5


For feedback, support or questions, please use the Contact page