Skip to content
Home

Publication Type

In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

CIS Secure by Design: A Guide to Assessing Software Security Practices

This document is a comprehensive guide developed by the Center for Internet Security (CIS) in collaboration with SAFECode and a community of experts. It provides a practical, evaluable framework to… Read More »CIS Secure by Design: A Guide to Assessing Software Security Practices

OWASP Application Security Verification Standard (ASVS) 5.0

The OWASP Application Security Verification Standard (ASVS) is a comprehensive framework that defines security requirements for designing, developing, and testing web applications and APIs. It is organized into 14 chapters,… Read More »OWASP Application Security Verification Standard (ASVS) 5.0

MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems.… Read More »MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9