Skip to content
Home

Publication Type

In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286 Rev. 1, Integrating Cybersecurity and Enterprise Risk Management (ERM), provides a strategic framework for bridging the gap between technical security operations and high-level business decision-making. It emphasizes… Read More »NIST IR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

NIST IR 8286A Rev. 1, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, serves as a specialized companion to the main framework by providing deep-dive methodologies for the initial… Read More »NIST IR 8286A Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

CIS Controls Internet of Things Companion Guide

The CIS Controls Internet of Things (IoT) Companion Guide provides detailed guidance on how to apply the cybersecurity best practices of the CIS Controls, particularly Version 8.1, to IoT environments.… Read More »CIS Controls Internet of Things Companion Guide

CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

The CISA guidance titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” provides operational technology (OT) owners and operators across critical infrastructure sectors with practical, step-by-step recommendations… Read More »CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators