Survival Guidance! FedRAMP and FISMA Resource for Assessing the Security Controls in Federal Information Systems and Organizations

Survival Guidance! is making our auditor’s resource for assessing the security controls in federal information systems and organizations free. This is a resource based on the NIST 800-53A framework that you may freely use to conduct your organization’s FedRAMP, HIPAA or best-practice-based security audits. Your results are private and the output…

HORSE WIKI: The Holistic Operational Readiness Security Evaluation wiki

Looking for the HORSE Project? Look no further! Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki. We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial…

Risk Management CPM Model

I recently wrote an article about IT risk management and created several illustrations. One in particular stands by itself in terms of depicting a holistic view of the whole risk management life cycle in a critical path method model, which I thought would be worth sharing. It would be useful to your ISO 27005 or…

National Office for Cyberspace and H.R. 4900

A funny thing happened along the way while I was busy revising and adding content to the HORSE Wiki. My focus last week was primarily on Federal guidance such as NIST special publications and FISMA guidelines. Well, apparently there are more folks tuned into that station, it turns out, when a very close government colleague…