AI GRC Large Language Model

AI EXPERT KNOWLEDGE

Our AI model's expert knowledge is built on the following set of industry and market standards and regulations:

ISO/IEC 27001: Information Security Management System (ISMS)

ISO/IEC 27001 provides a framework for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It outlines requirements for assessing risks and implementing appropriate security controls. Source URL: ISO/IEC 27001

NIST Cybersecurity Framework (CSF)

Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework offers guidelines and best practices for organizations to manage and reduce cybersecurity risk. Its core organizes outcomes into functions (Govern, Identify, Protect, Detect, Respond, Recover in CSF 2.0) and maps them to existing standards and practices for improving cybersecurity posture. Source URL: NIST CSF

GDPR (General Data Protection Regulation)

GDPR is an EU regulation on data protection and privacy for individuals within the European Union and the European Economic Area. It also governs the transfer of personal data outside the EU and EEA, aiming to give individuals control over their personal data and to simplify the regulatory environment for international business. Source URL: GDPR

Business Continuity Management System (BCMS) - ISO 22301

ISO 22301 provides a framework for establishing, implementing, maintaining, and continually improving a business continuity management system within an organization. It helps organizations identify potential threats and implement resilience measures to ensure business continuity in case of disruptive incidents. Source URL: ISO 22301

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Compliance with PCI DSS is mandatory for organizations handling payment card data. Source URL: PCI Security Standards Council

ISO/IEC 27002: Code of practice for information security controls

ISO/IEC 27002 provides guidelines and best practices for implementing the information security controls referenced in ISO/IEC 27001. It offers a comprehensive set of controls, grouped (since the 2022 edition) into organizational, people, physical, and technological themes, to address different aspects of information security management. Source URL: ISO/IEC 27002

COBIT (Control Objectives for Information and Related Technologies)

COBIT is a framework developed by ISACA for the governance and management of enterprise IT. It provides a set of principles, practices, analytical tools, and models to help organizations ensure effective IT governance and management. Source URL: ISACA COBIT

ITIL (Information Technology Infrastructure Library)

ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business. It provides a framework for organizations to deliver high-quality IT services and improve overall service delivery. Source URL: ITIL Official Site

RISK MANAGEMENT

ISO 31000: Risk Management

ISO 31000 provides principles, a framework, and a process for managing risk effectively within organizations. It emphasizes the importance of understanding, assessing, and treating risks to improve decision-making and achieve objectives. Source URL: ISO 31000

COSO ERM (Enterprise Risk Management)

COSO ERM framework offers a comprehensive approach to identifying, assessing, responding to, and monitoring risks across an organization. It aims to enhance organizational performance and create sustainable value by integrating risk management into strategic planning and day-to-day operations. Source URL: COSO ERM

NIST SP 800-37: Risk Management Framework (RMF) for Information Systems and Organizations

NIST SP 800-37 provides guidelines for implementing risk management processes for information systems and organizations. It outlines the RMF steps: preparing the organization, categorizing systems, selecting security controls, implementing controls, assessing their effectiveness, authorizing systems to operate, and continuously monitoring them. Source URL: NIST SP 800-37

ANSI/ASSP Z690: Risk Management - Principles and Guidelines

The ANSI/ASSP Z690 series is the US national adoption of the ISO risk management standards (Z690.2 adopts ISO 31000 and Z690.3 adopts the risk assessment techniques of IEC 31010). It offers a systematic approach to identifying, assessing, and managing risks across industries to enhance decision-making and achieve objectives. Source URL: ANSI/ASSP Z690

ISO/IEC 31010: Risk Management - Risk Assessment Techniques

ISO/IEC 31010 (now published as IEC 31010) provides guidance on selecting and applying risk assessment techniques. It offers a toolbox of methods for identifying, analyzing, and evaluating risks to support decision-making and risk treatment under ISO 31000. Source URL: ISO/IEC 31010

PMI PMBOK Guide: Project Risk Management

The Project Management Institute's (PMI) PMBOK Guide includes a section on project risk management, which covers processes for identifying, analyzing, and responding to risks throughout the project lifecycle. It aims to increase the likelihood of project success by effectively managing uncertainties. Source URL: PMI PMBOK Guide

FAIR (Factor Analysis of Information Risk)

FAIR is a framework for analyzing and quantifying information risk in financial terms. It provides a structured approach to understanding, measuring, and communicating risk to facilitate more informed decision-making. Source URL: FAIR Institute

CIS Controls (Center for Internet Security Controls)

CIS Controls are a set of prioritized cybersecurity best practices developed by the Center for Internet Security. They provide specific actions that organizations can take to enhance their cybersecurity posture and defend against common cyber threats. Source URL: CIS Controls

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA is a US federal law that sets standards for the protection of sensitive patient health information. Its Privacy and Security Rules include provisions for safeguarding medical records and other protected health information, ensuring their confidentiality, integrity, and availability. Source URL: HHS HIPAA
