The ISMBoK Project

Information Security Management Body of Knowledge (ISMBoK) aims to compile knowledge scattered around that might be useful for information security management professionals.

Everyone is welcome to become part of our happy family.

Showing 73 items

Category | Document | Source
Application Security | 2011 CWE/SANS Top 25 Most Dangerous Software Errors | MITRE Common Weakness Enumeration (CWE)
Application Security | Mobile Application Security Checklist | Open Web Application Security Project (OWASP)
Application Security | OWASP Application Security Verification Standard | Open Web Application Security Project (OWASP)
Application Security | OWASP Cheat Sheets (Link) | Open Web Application Security Project (OWASP)
Application Security | OWASP Code Review Guide | Open Web Application Security Project (OWASP)
Application Security | OWASP Internet of Things (IoT) Top 10 | Open Web Application Security Project (OWASP)
Application Security | OWASP Mobile Application Security Verification Standard | Open Web Application Security Project (OWASP)
Application Security | OWASP Testing Guide | Open Web Application Security Project (OWASP)
Application Security | OWASP Top 10 | Open Web Application Security Project (OWASP)
Application Security | OWASP Top 10 Proactive Controls For Developers | Open Web Application Security Project (OWASP)
Application Security | SP-800-64-Rev2 - Security Considerations in the System Development Life Cycle | National Institute of Standards and Technology
Application Security | SP-800-95 - Guide to Secure Web Services | National Institute of Standards and Technology
Business Continuity | SP-800-34-rev1 - BIA template | National Institute of Standards and Technology
Business Continuity | SP-800-34-rev1 - Information System Contingency Plan template, high impact system | National Institute of Standards and Technology
Business Continuity | SP-800-34-rev1 - Information System Contingency Plan template, low impact system | National Institute of Standards and Technology
Business Continuity | SP-800-34-rev1 - Information System Contingency Plan template, moderate impact system | National Institute of Standards and Technology
Cloud Security | Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 | Cloud Security Alliance
General Data Protection Regulation (GDPR) | General Data Protection Regulation (GDPR) (EU) 2016/679 | EUR-Lex - Access to European Union law
General Data Protection Regulation (GDPR) | Guide to the General Data Protection Regulation (GDPR) | Information Commissioner's Office
General Data Protection Regulation (GDPR) | Preparing for the General Data Protection Regulation (GDPR) | Information Commissioner's Office
Health Insurance Portability and Accountability Act (HIPAA) | SP-800-66-Rev1 - An Introductory Resource Guide for Implementing the HIPAA Security Rule | National Institute of Standards and Technology
Incident Management | SP-800-61-Rev2 - Computer Security Incident Handling Guide | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-114 - User’s Guide to Securing External Devices for Telework and Remote Access | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-123 - Guide to General Server Security | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-125-Final - Guide to Security for Full Virtualization Technologies | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-83-Rev1 - Guide to Malware Incident Prevention and Handling for Desktops and Laptops | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-92 - Guide to Computer Security Log Management | National Institute of Standards and Technology
IT Infrastructure Security | SP-800-94 - Guide to Intrusion Detection and Prevention Systems | National Institute of Standards and Technology
Payment Card Industry (PCI) | PCI-DSS Quick Reference Guide v3.2 | PCI Security Standards Council
Payment Card Industry (PCI) | PCI-DSS Requirements and Security Assessment Procedures v3.2 | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire A and Attestation of Compliance - Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire A-EP and Attestation of Compliance - Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire B and Attestation of Compliance - Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals – No Electronic Cardholder Data Storage | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire B-IP and Attestation of Compliance - Merchants with Standalone, IP-Connected PTS Point-of-Interaction (POI) Terminals – No Electronic Cardholder Data Storage | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire C and Attestation of Compliance - Merchants with Payment Application Systems Connected to the Internet – No Electronic Cardholder Data Storage | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire C-VT and Attestation of Compliance - Merchants with Web-Based Virtual Payment Terminals – No Electronic Cardholder Data Storage | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire D and Attestation of Compliance for Merchants - All other SAQ-Eligible Merchants | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers - SAQ-Eligible Service Providers | PCI Security Standards Council
Payment Card Industry (PCI) | Self-Assessment Questionnaire P2PE and Attestation of Compliance - Merchants using Hardware Payment Terminals in a PCI SSC-Listed P2PE Solution Only – No Electronic Cardholder Data Storage | PCI Security Standards Council
Privacy | SP-800-122 - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | National Institute of Standards and Technology
Risk Management | CIS Risk Assessment Method Express Edition v1.0 | Center for Internet Security
Risk Management | CIS Risk Assessment Method v1.0 | Center for Internet Security
Risk Management | CIS Risk Assessment Method Workbook v1.0 | Center for Internet Security
Risk Management | SP-800-30-Rev1 - Guide for Conducting Risk Assessments | National Institute of Standards and Technology
Sample Documentation | Sample Access Control Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Asset Management Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Business Continuity Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Compliance Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Cryptography Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Human Resource Security Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Incident Management Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Mobile Device Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Physical and Environmental Security Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Privacy Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Secure Software Development and Acquisition Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Teleworking Policy | Information Security Management Body of Knowledge (ISMBoK)
Sample Documentation | Sample Third Party Engagement Policy | Information Security Management Body of Knowledge (ISMBoK)
Uncategorized | An Introduction to Computer Security - The NIST Handbook | National Institute of Standards and Technology
Uncategorized | Framework for Improving Critical Infrastructure Cybersecurity | National Institute of Standards and Technology
Uncategorized | SP-800-111 - Guide to Storage Encryption Technologies for End User | National Institute of Standards and Technology
Uncategorized | SP-800-115 - Technical Guide to Information Security Testing and Assessment | National Institute of Standards and Technology
Uncategorized | SP-800-137-Final - Information Security Continuous Monitoring | National Institute of Standards and Technology
Uncategorized | SP-800-144 - Guideline on Security and Privacy on Cloud | National Institute of Standards and Technology
Uncategorized | SP-800-14 - Generally Accepted Principles and Practices For Securing Information Technology Systems | National Institute of Standards and Technology
Uncategorized | SP-800-18-Rev1-final - Guide for Developing Security Plans for Federal Information Systems | National Institute of Standards and Technology
Uncategorized | SP-800-27-RevA - Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A | National Institute of Standards and Technology
Uncategorized | SP-800-28-Ver2 - Guidelines on Active Content and Mobile Code | National Institute of Standards and Technology
Uncategorized | SP-800-36 - Guide to Selecting Information Technology Security Products | National Institute of Standards and Technology
Uncategorized | SP-800-40-Ver2 - Creating a Patch and Vulnerability Management Program | National Institute of Standards and Technology
Uncategorized | SP-800-46-Rev1 - Guide to Enterprise Telework and Remote Access Security | National Institute of Standards and Technology
Uncategorized | SP-800-47 - Security Guide for Interconnecting Information Technology Systems | National Institute of Standards and Technology
Uncategorized | SP-800-53-Rev4 - Security and Privacy Controls for Federal Information Systems | National Institute of Standards and Technology
Uncategorized | SP-800-55-Rev1 - Performance Measurement Guide for Information Security | National Institute of Standards and Technology