close

What Is Truth to Power?

[+] A research and advisory resource...

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

[+] An open forum and community...

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

[+] A plexus nexus...

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

[+] A rebellion...

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Top Panel
WHAT IS T2P?
Top Panel

Keywords:information

Rules & Standards RSS
Results 1 - 8 of 8
IT Capability Maturity Framework (IT-CMF)
Issuer: IVI
Country Multi

Using the IT-CMF, top executives and practitioners can adopt four inter-related strategies and associated maturity curves to help manage and deliver more value from IT. The IT-CMF is the result of the synthesis of leading academic research, industry best ...

Category:Maturity Models
ReviewRecommendPrintVisitReportClaim
OASIS Cross-Enterprise Security and Privacy Authorization (XSPA)
Issuer: OASIS
TagssecurityprivacyHIPAAHi-Techhealth informationmarkupschemaXML
Country US

The Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare and the XSPA Profile of the eXtensible Access Control Markup Language (XACML) enable hospitals and other service provide ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
Technical Guide: Requirements for Risk Assessment Methodologies
Issuer: The Open Group
Tagssecurityriskassessment
Country Multi

This Guide identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essent ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
OTA Data Breach & Incident Readiness Planning Guide
Issuer: OTA
TagsInformation securitydata breachincident management
Country Multi

A framework for businesses, non-profits, and governmental agencies. Considerations should include but not be limited to preventative, containment, and reactive practices and business policies. Key components include: 1. Data Classification 2. A ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
NIST SP 800-70 Rev 2: National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Issuer: NIST
TagsNISTsecuritychecklist
Country US

This document describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program (NCP) to find and retrieve checklists. The publication also describes the policies, procedures, and general requir ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
FFIEC Supplement to Authentication in an Internet Banking Environment (FIL-50-2011)
Issuer: FFIEC
TagsFFIECFDICinformation securityinfosec
Country US

The FDIC, with the other FFIEC agencies, has issued the attached guidance, which describes updated supervisory expectations regarding customer authentication, layered security, and other controls in an increasingly hostile online environment. Financial in ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
FFIEC Guidance: Authentication in an Internet Banking Environment (FIL-103-2005)
Issuer: FFIEC
TagsFFIECFDICinformation securityinfosec
Country US

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment.” For banks offering Internet-based financial services, the guidance describes enhanced authentication ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
NIST Specification for Asset Identification 1.1 (NISTIR 7693)
Issuer: NIST
TagsNISTsecurityasset managementstandardgovernment
Country US

Asset identification plays an important role in an organization's ability to quickly correlate different sets of information about assets. NISTIR 7693 provides the necessary constructs to uniquely identify assets based on known identifiers and/or known in ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim

T2P RECOMMENDS:

AuditNet logo
AuditNet is an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.

T2P RECOMMENDS:

The BeyeNETWORK provides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.

T2P RECOMMENDS:

IIA Logo

The Institute of Internal Auditors (IIA) is a powerful research and guidance organization focusing on audit principles and processes for business and IT functions. IIA guidance related to information control includes the Global Technology Audit Guide (GTAG) series and the Guide to the Assessment of IT Risk (GAIT) series.