Douglas J. Landoll. (2016). Information Security Policies, Procedures, and Standards: A Practitioner’s Reference. Auerbach Publications. Read from Chapter 4: Information Security Policy Details to the end of 4.2: Policy Statements.
Lindros, K. (2017, July 11). What is GRC and why do you need it? This resource highlights how GRC can help align IT activities to business goals, manage risk effectively, and stay on top of compliance.
Paul, J. A., & Zhang, M. (2021). Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker. European Journal of Operational Research, 291(1), 349–364. This resource focuses on government and firm resource allocation strategies in cybersecurity risk planning.
MITRE ATT&CK. (2021). ATT&CK matrix for enterprise. This resource highlights the knowledge base of adversary tactics and techniques based on real-world observations, which is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
SANS Institute Provides Guidance on Improving Cyber Defense Using the MITRE ATT&CK Framework. (2020, July 13). PR Newswire. This resource covers recommended methods of leveraging the MITRE ATT&CK knowledge base to improve security operations and threat intelligence capabilities.
Williams, D. (2020). The MITRE ATT&CK Framework: Where Do You Start? ISSA Journal, 18(9), 17–21. This resource describes the value of using the MITRE ATT&CK framework to measure the effectiveness of your organization’s ability to identify, detect, and prevent cyber intrusions.
Leow, S. (2020). Four questions about GRC solutions answered: As the world continues to change, consider leveraging technology for your GRC program. Plant Engineering, 74(9), 24–25. This resource discusses the feasibility of companies using technology to advance their governance, risk, and compliance (GRC) programs.