TIM-8325

Al-Shaer, R., Spring, J. M., & Christou, E. (2020). Learning the Associations of MITRE ATT & CK Adversarial Techniques. 2020 IEEE Conference on Communications and Network Security (CNS), 1–9.
In this paper the author discusses the challenges and limitations of the MITRE ATT&CK framework.

Anders, S. B. (2020). System Organization Controls Resources. CPA Journal, 90(2), 68–69.
In this article, the author addressed the AICPA SOC reports and examinations; additionally, the author discusses the differences between financial and service organizations.

Di Giulio, C., Kamhoua, C., Campbell, R. H., Sprabery, R., Kwiat, K., & Bashir, M. N. (2017). IT Security and Privacy Standards in Comparison: Improving FedRAMP Authorization for Cloud Service Providers. Proceedings of the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, 1090–1099.
This paper discusses how to improve the FedRAMP authorization for cloud service providers by analyzing and comparing IT security standards, such as ISO 27001, C5, and SOC 2.

Di Giulio, C., Sprabery, R., Kamhoua, C., Kwiat, K., Campbell, R. H., & Bashir, M. N. (2017). Cloud Standards in Comparison: Are New Security Frameworks Improving Cloud Security? 2017 IEEE 10th International Conference on Cloud Computing (CLOUD), 50–57.
This article details the C5 standard from the BSI-German Information Security Office in a comparison the U.S. based FedRAMP.

EUR-Lex—32016L1148—EN - EUR-Lex. (n.d.). Retrieved November 5, 2021, from https://eur-lex.europa.eu/eli/dir/2016/1148/oj
Future of FedRAMP. (n.d.). Retrieved November 5, 2021, from https://static1.squarespace.com/static/5acbb666f407b432519ab15e/t/5e4fd3bf54725e7ce0483940/1582289857151/20-120+Cybersecurity+-+FedRAMP+brochure.pdf
In this article the origins, present, and future of the FedRAMP standard is discussed by the author, including the challenges.

Howard, P. D. (2012). Official (ISC)2® Guide to the CAP® CBK® (2nd edition). Auerbach Publications.
This book explains how to combine disparate processes into a unified risk management methodology.

Lopes, I. M., Guarda, T., & Oliveira, P. (2019). How ISO 27001 Can Help Achieve GDPR Compliance. 2019 14th Iberian Conference on Information Systems and Technologies (CISTI), Information Systems and Technologies (CISTI), 2019 14th Iberian Conference On, 1–6. https://doi.org/10.23919/CISTI.2019.8760937
In this article the author steps through the ISO 27001 to show how the standard can assist with GDPR compliance.

Mirtsch, M., Kinne, J., & Blind, K. (2021). Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based Analysis. IEEE Transactions on Engineering Management, Engineering Management, IEEE Transactions on, IEEE Trans. Eng. Manage., 68(1), 87–100.
In this paper, the author explores the implementation of ISO 27001 as a way organizations can manage cyber risk.

New Release C5:2020. (n.d.). Federal Office for Information Security. Retrieved November 6, 2021, from https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Criteria_Catalogue/C5_NewRelease/C5_NewRelease.html;jsessionid=252919633C4425B0A427AAE8374D02C2.internet482?nn=452202
This cloud computing compliance criteria catalogue depicts the criteria and conditions for cloud services.

Robmazz. (n.d.). Cloud Computing Compliance Controls Catalog (C5)—Microsoft Compliance. Retrieved November 5, 2021, from https://docs.microsoft.com/en-us/compliance/regulatory/offering-c5-germany
Microsoft describes in this document how their cloud services comply with the C5 standard.

Taylor, L. (2014). FedRAMP: History and Future Direction. IEEE Cloud Computing, Cloud Computing, IEEE, IEEE Cloud Comput., 1(3), 10–14. https://doi.org/10.1109/MCC.2014.54
The author discusses the origins and future of FedRAMP, including a timeline of historical milestones.

Weil, T. R. (2020). Standards for Cloud Risk Assessments-What’s Missing? 2020 IEEE Cloud Summit, 11–17.
The author provides a critical analysis on what is missing from our current ways of performing cloud assessments.