The Cross-Sector Cybersecurity Performance Goals (CPGs) document provides a concise, prioritized set of cybersecurity objectives designed to help organizations across various critical infrastructure sectors enhance… Read More »CISA CPG Cross-Sector Cybersecurity Performance Goals
ISO/IEC 27005 is an international standard that provides comprehensive guidelines for information security risk management, forming a key part of the ISO/IEC 27000 family of… Read More »ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks
ISO 27001 is an internationally recognized standard that provides a comprehensive framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS)… Read More »ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
NIST SP 800-161 Rev. 1, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” offers comprehensive guidance for organizations to identify, assess, and… Read More »NIST SP 800-161 Rev. 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
The latest version of ISO/IEC 27002 was published on February 15, 2022. This 2022 revision replaced the previous 2013 edition and introduced significant changes including… Read More »ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
The ANSSI guide “Recommandations relatives à l’authentification multifacteur et aux mots de passe” provides comprehensive security recommendations focused on authentication methods. It strongly advocates for… Read More »ANSSI Recommendations for Multi-Factor Authentication and Passwords
The OWASP Top Ten is a widely recognized list that highlights the ten most critical security risks facing web applications today. Updated every few years… Read More »OWASP Top Ten
NIST Special Publication 1800-26, titled “Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events,” provides a practical, standards-based reference guide to help organizations… Read More »NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
NIST Special Publication 1800-11, titled “Data Integrity: Recovering from Ransomware and Other Destructive Events,” is a cybersecurity practice guide that demonstrates how organizations can develop… Read More »NIST SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events
NIST Special Publication 800-53 (NIST SP 800-53) provides a comprehensive catalog of security and privacy controls designed to protect federal information systems and organizations from… Read More »NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations