NIST CSF 2.0 Audit Checklist - Protect

Uploaded by LeoFabio25

Function: PROTECT (PR): Safeguards to manage the organization’s cybersecurity risks are used

Category: Identity Management, Authentication, and Access Control (PR.AA): Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access

Subcategory | Audit Questionnaire | Compliance Status

PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization
1. Does the organization have a defined process for managing identities and credentials for authorized users, services, and hardware?
2. How does the organization ensure that identities and credentials are uniquely assigned and accurately associated with the corresponding users, services, or hardware?
3. What mechanisms are in place to create, modify, disable, and revoke identities and credentials in a timely and secure manner?
4. Does the organization maintain a centralized repository or system for managing and storing identities and credentials?
5. Are there processes in place to periodically review and validate the active identities and credentials to ensure their continued necessity and accuracy?
6. How does the organization monitor and detect the use of unauthorized or compromised identities and credentials?
7. Are there defined policies and procedures for the secure handling, storage, and protection of credentials (e.g., password policies, multi-factor authentication, encryption)?
8. Does the organization provide training or guidance to personnel on the proper management and use of identities and credentials?
9. Are there clear roles and responsibilities assigned for the management of identities and credentials across the organization?
10. How does the organization's leadership ensure the effectiveness of the identity and credential management processes?

PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions
1. Does the organization have processes in place to proof identities and bind them to credentials based on the context of interactions?
2. What methods or techniques are used for identity proofing (e.g., document verification, biometric authentication, third-party identity services)?
3. How does the organization determine the appropriate level of identity proofing required based on the context and risk associated with different types of interactions?
4. Are there defined procedures for securely binding proofed identities to the corresponding credentials?
5. Does the organization maintain records or documentation of the identity proofing and credential binding processes?
6. Are there mechanisms in place to detect and prevent the use of fraudulent or compromised identities and credentials?

PR.AA-03: Users, services, and hardware are authenticated
1. Does the organization have processes in place to authenticate users, services, and hardware before granting access to systems or resources?
2. What authentication mechanisms or protocols are used (e.g., passwords, multi-factor authentication, biometrics, digital certificates, hardware tokens)?
3. How does the organization ensure that the authentication mechanisms are appropriate and commensurate with the risk associated with different types of access or interactions?
4. Are there defined procedures for securely managing and distributing authentication credentials or factors to authorized users, services, and hardware?
5. Does the organization maintain records or logs of authentication activities for auditing and monitoring purposes?
6. How does the organization ensure that authentication mechanisms are consistently applied across different systems, applications, or environments?
7. Are there mechanisms in place to detect and prevent unauthorized or brute-force authentication attempts?

PR.AA-04: Identity assertions are protected, conveyed, and verified
1. Does the organization have processes in place to protect, convey, and verify identity assertions?
2. What mechanisms or protocols are used to ensure the confidentiality, integrity, and authenticity of identity assertions during transmission and storage (e.g., encryption, digital signatures, secure protocols)?
3. How does the organization ensure that identity assertions are conveyed and verified in a secure and trusted manner across different systems, applications, or environments?
4. Are there defined procedures for managing and validating the trust relationships between entities involved in the exchange of identity assertions?
5. Does the organization maintain records or logs of identity assertion activities for auditing and monitoring purposes?
6. Are there mechanisms in place to detect and prevent unauthorized or malicious modifications to identity assertions?

PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties
1. Does the organization have a defined policy for managing access permissions, entitlements, and authorizations?
2. How does the organization ensure that access permissions, entitlements, and authorizations are aligned with the principles of least privilege and separation of duties?
3. Are there processes in place to periodically review and validate the appropriateness of access permissions, entitlements, and authorizations based on user roles, responsibilities, and business requirements?
4. Does the organization maintain a centralized repository or system for managing and enforcing access permissions, entitlements, and authorizations across different systems and applications?
5. How does the organization monitor and detect unauthorized or excessive access permissions, entitlements, or authorizations?
6. Are there defined procedures for granting, modifying, and revoking access permissions, entitlements, and authorizations in a timely and secure manner?
7. Does the organization provide training or guidance to personnel on the proper assignment and management of access permissions, entitlements, and authorizations?
8. Are there clear roles and responsibilities assigned for the management and oversight of access permissions, entitlements, and authorizations?
9. How does the organization's leadership ensure the effectiveness and continuous improvement of the access management processes?
10. Are there mechanisms in place to audit and report on the compliance with the access management policy and procedures?

PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk
1. Does the organization have processes in place to manage, monitor, and enforce physical access to assets commensurate with risk?
2. How does the organization identify and classify assets that require physical access controls based on their criticality and sensitivity?
3. What types of physical access controls are implemented (e.g., locks, access cards, biometrics, surveillance cameras, security guards)?
4. Are there defined procedures for granting, modifying, and revoking physical access permissions to authorized personnel or visitors?
5. Does the organization maintain records or logs of physical access activities for auditing and monitoring purposes?
6. How does the organization monitor and detect unauthorized physical access attempts or breaches?
7. Are there mechanisms in place to prevent or mitigate the consequences of unauthorized physical access to assets?
8. Does the organization provide training or guidance to personnel on the proper physical security practices and access control procedures?
9. Are there clear roles and responsibilities assigned for the management and oversight of physical access to assets?
10. How does the organization's leadership ensure the effectiveness and continuous improvement of the physical access management processes?

Category: Awareness and Training (PR.AT): The organization’s personnel are provided with cybersecurity awareness and training so that they can perform their cybersecurity-related tasks

Subcategory | Audit Questionnaire | Compliance Status

PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
1. Does the organization have a comprehensive cybersecurity awareness and training program for all personnel?
2. How does the organization determine the specific cybersecurity knowledge and skills required for personnel to perform their general tasks while considering cybersecurity risks?
3. What types of awareness and training activities are included in the program (e.g., online courses, classroom sessions, phishing simulations, security advisories)?
4. Are the awareness and training materials regularly reviewed and updated to reflect the latest cybersecurity threats, best practices, and organizational policies?
5. Does the organization have a mechanism to assess the effectiveness of the awareness and training program, such as knowledge assessments or practical exercises?
6. Are there processes in place to track and monitor personnel's completion of required cybersecurity awareness and training activities?
7. How does the organization ensure that personnel apply the acquired cybersecurity knowledge and skills in their day-to-day tasks and decision-making?
8. Does the organization provide refresher or ongoing cybersecurity awareness and training to reinforce the knowledge and skills of personnel?
9. Are there clear roles and responsibilities assigned for the development, delivery, and oversight of the cybersecurity awareness and training program?
10. How does the organization's leadership support and promote the importance of cybersecurity awareness and training among personnel?

PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind
1. Does the organization have a specialized cybersecurity awareness and training program for individuals in specialized roles (e.g., cybersecurity professionals, IT administrators, developers)?
2. How does the organization identify the specialized roles that require advanced cybersecurity knowledge and skills to perform their tasks effectively?
3. What types of specialized awareness and training activities are included in the program (e.g., technical certifications, hands-on workshops, threat hunting exercises)?
4. Are the specialized awareness and training materials regularly reviewed and updated to reflect the latest cybersecurity technologies, techniques, and industry best practices?
5. Does the organization have a mechanism to assess the effectiveness of the specialized awareness and training program, such as practical assessments or simulations?
6. Are there processes in place to track and monitor the completion of required specialized cybersecurity awareness and training activities?
7. How does the organization ensure that individuals in specialized roles apply the acquired advanced cybersecurity knowledge and skills in their day-to-day tasks and responsibilities?
8. Does the organization provide opportunities for continuous learning and professional development in specialized cybersecurity areas?
9. Are there clear roles and responsibilities assigned for the development, delivery, and oversight of the specialized cybersecurity awareness and training program?
10. How does the organization's leadership support and promote the importance of specialized cybersecurity awareness and training among relevant personnel?

Category: Data Security (PR.DS): Data are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information

Subcategory | Audit Questionnaire | Compliance Status

PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected
1. Does the organization have processes and controls in place to protect the confidentiality, integrity, and availability of data-at-rest?
2. What types of data are considered "data-at-rest" (e.g., data stored on servers, databases, storage systems, backups, archives)?
3. How does the organization classify and identify sensitive or critical data-at-rest that requires additional protection measures?
4. What mechanisms are used to protect the confidentiality of data-at-rest (e.g., encryption, access controls, data masking)?
5. What mechanisms are used to protect the integrity of data-at-rest (e.g., digital signatures, hash functions, access controls)?
6. What mechanisms are used to ensure the availability of data-at-rest (e.g., redundancy, fault tolerance, backup and recovery processes)?
7. Are there defined processes for securely managing and rotating encryption keys or other data protection mechanisms for data-at-rest?
8. How does the organization monitor and detect unauthorized access or modifications to data-at-rest?
9. Are there defined roles and responsibilities for the management and protection of data-at-rest across the organization?

PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected
1. Does the organization have processes and controls in place to protect the confidentiality, integrity, and availability of data-in-transit?
2. What types of data flows are considered "data-in-transit" (e.g., network communications, file transfers, remote access, cloud services)?
3. How does the organization identify and classify sensitive or critical data-in-transit that requires additional protection measures?
4. What mechanisms are used to protect the confidentiality of data-in-transit (e.g., encryption, secure protocols, access controls)?
5. What mechanisms are used to protect the integrity of data-in-transit (e.g., digital signatures, message authentication codes, secure protocols)?
6. What mechanisms are used to ensure the availability of data-in-transit (e.g., load balancing, redundancy, failover mechanisms)?
7. Are there defined processes for securely managing and rotating encryption keys or other data protection mechanisms for data-in-transit?
8. How does the organization monitor and detect unauthorized access or modifications to data-in-transit?
9. Are there defined roles and responsibilities for the management and protection of data-in-transit across the organization?

PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected
1. Does the organization have processes and controls in place to protect the confidentiality, integrity, and availability of data-in-use?
2. What types of data are considered "data-in-use" (e.g., data processed by applications, memory-resident data, data used in computations)?
3. How does the organization identify and classify sensitive or critical data-in-use that requires additional protection measures?
4. What mechanisms are used to protect the confidentiality of data-in-use (e.g., secure execution environments, memory protection, access controls)?
5. What mechanisms are used to protect the integrity of data-in-use (e.g., secure execution environments, input validation, access controls)?
6. What mechanisms are used to ensure the availability of data-in-use (e.g., redundancy, fault tolerance, failure isolation)?
7. Are there defined processes for securely managing and protecting data-in-use throughout its lifecycle (e.g., secure coding practices, secure runtime environments)?
8. How does the organization monitor and detect unauthorized access or modifications to data-in-use?
9. Are there defined roles and responsibilities for the management and protection of data-in-use across the organization?

PR.DS-11: Backups of data are created, protected, maintained, and tested
1. Does the organization have processes and controls in place for creating, protecting, maintaining, and testing backups of data?
2. What types of data are included in the backup processes (e.g., databases, file systems, configurations, application data)?
3. How does the organization determine the appropriate frequency and retention periods for data backups based on criticality and recovery requirements?
4. What mechanisms are used to protect the confidentiality and integrity of backup data (e.g., encryption, access controls, secure storage)?
5. Are backup data stored in secure locations, both on-site and off-site, to ensure availability in case of disasters or incidents?
6. How does the organization monitor and ensure the successful completion of backup processes, including the verification of backup data integrity?
7. Are there defined processes for testing and validating the restoration of backup data on a regular basis?
8. Does the organization maintain documentation and procedures for executing backup and restoration processes?
9. Are there defined roles and responsibilities for the management and oversight of backup and data protection processes across the organization?
10. How does the organization's leadership ensure the effectiveness and continuous improvement of backup and data protection measures?

Category: Technology Infrastructure Resilience (PR.IR): Security architectures are managed with the organization’s risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience

Subcategory | Audit Questionnaire | Compliance Status

PR.IR-01: Networks and environments are protected from unauthorized logical access and usage
1. Has the organization implemented controls and mechanisms to protect its networks and environments from unauthorized logical access and usage?
2. What types of controls are in place to prevent unauthorized access to the organization's networks and environments (e.g., firewalls, access control lists, network segmentation, virtual private networks)?
3. How does the organization ensure that access to networks and environments is granted only to authorized users, devices, and services?
4. Are there processes in place to monitor and detect unauthorized or suspicious network and environment access attempts or activities?
5. Does the organization maintain logs or records of network and environment access activities for auditing and forensic purposes?
6. How does the organization ensure that the network and environment access controls are consistently applied across different locations, systems, and infrastructure components?
7. Are there defined procedures for reviewing and updating the network and environment access controls to address evolving threats and changes in the organization's risk landscape?
8. Does the organization provide training or guidance to personnel on the proper use and protection of networks and environments?
9. Are there clear roles and responsibilities assigned for the management and oversight of network and environment access controls?

PR.IR-02: The organization’s technology assets are protected from environmental threats
1. Does the organization have measures in place to protect its technology assets from environmental threats (e.g., power outages, natural disasters, extreme temperatures, humidity)?
2. What types of environmental controls or safeguards are implemented (e.g., uninterruptible power supplies, backup generators, climate control systems, fire suppression systems)?
3. How does the organization assess and mitigate the potential impact of environmental threats on its technology assets and operations?
4. Are there processes in place to monitor and detect environmental conditions that may pose a threat to technology assets?
5. Does the organization maintain contingency plans or procedures for responding to environmental incidents or disruptions?
6. How does the organization ensure that the environmental controls and safeguards are consistently applied across different locations and facilities?
7. Are there defined procedures for testing, maintaining, and updating the environmental controls and safeguards?
8. Does the organization provide training or guidance to personnel on the proper handling and protection of technology assets from environmental threats?
9. Are there clear roles and responsibilities assigned for the management and oversight of environmental controls and safeguards?

PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations
1. Does the organization have mechanisms implemented to achieve resilience requirements in normal and adverse situations?
2. What types of resilience mechanisms are implemented (e.g., redundancy, failover, load balancing, backup and recovery, incident response planning)?
3. How does the organization determine the appropriate resilience requirements based on its risk assessment and business continuity objectives?
4. Are there processes in place to monitor and validate the effectiveness of the implemented resilience mechanisms?
5. Does the organization maintain documentation or records of the resilience mechanisms and their associated requirements?
6. How does the organization ensure that the resilience mechanisms are consistently applied across different systems, applications, and infrastructure components?
7. Are there defined procedures for testing and validating the resilience mechanisms in simulated or controlled environments?
8. Does the organization provide training or guidance to personnel on the proper implementation and use of resilience mechanisms?
9. Are there clear roles and responsibilities assigned for the management and oversight of resilience mechanisms?

PR.IR-04: Adequate resource capacity to ensure availability is maintained
1. Does the organization have processes in place to maintain adequate resource capacity to ensure availability of its systems and services?
2. What types of resources are considered in the capacity planning process (e.g., computing power, storage, network bandwidth, software licenses, personnel)?
3. How does the organization assess and determine the required resource capacity based on current and projected workloads, usage patterns, and growth expectations?
4. Are there mechanisms in place to monitor and track resource utilization and capacity levels?
5. Does the organization maintain contingency plans or procedures for responding to resource capacity shortages or spikes in demand?
6. How does the organization ensure that resource capacity is consistently managed across different systems, applications, and infrastructure components?
7. Are there defined procedures for provisioning, scaling, and decommissioning resources to maintain adequate capacity levels?
8. Does the organization provide training or guidance to personnel on the proper management and optimization of resource capacity?
9. Are there clear roles and responsibilities assigned for the management and oversight of resource capacity planning and maintenance?