close

What Is Truth to Power?

[+] A research and advisory resource...

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

[+] An open forum and community...

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

[+] A plexus nexus...

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

[+] A rebellion...

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Top Panel
WHAT IS T2P?
Top Panel

Keywords:iso

Rules & Standards RSS
Results 1 - 5 of 5
Mapping Template: ISO 27002, COBIT, PCI-DSS 1.2, FFIEC Examination Handbooks
Issuer: BITS
TagsBITSISO 27001ISO 27002COBITPCIFFIEC
Country Multi

This document provides a linkage between the Shared Assessments Standardized Information Gathering (SIG) Questionnaire and certain federal regulatory requirements and international standards. This linkage is presented in the form of a "map" that highlight ...

Category:* Maps & Crosswalks
ReviewRecommendPrintVisitReportClaim
ISO/TR 26122:2008, Information and documentation – Work process analysis for records
Issuer: ISO
Tagsrecordsdocumentationiso
Country Multi

ISO/TR 26122:2008 provides guidance and assessment questions to help organizations analyze work process associated with the creation, capture and control of organizational records. The standard identifies two types of analysis: 1. Functional analysi ...

Category:Records, Content & Data Management
ReviewRecommendPrintVisitReportClaim
Measuring the Effectiveness of Security using ISO 27001
Issuer: IWS
TagssecuritymetricsmeasurementIWSISO 27001ISO 27004
Country Multi

ISO 27001 builds on BS 7799 with much more guidance on information security measurement and metrics. This paper complements the ISO/IEC standard for information security management systems by exploring: 1) security measurement objectives, 2) what security ...

Category:Measurement & Metrics
ReviewRecommendPrintVisitReportClaim
Measuring Security Tutorial by Dan Geer
Issuer: Geer
Tagssecurityriskinfosecgeermetricsmeasurement
Country Multi

A substantive presentation describing definition, souring, application, interpretation, testing, cost effectiveness, calibration, and use of security measurement in a risk context. The presentation also provides insights on related concepts, such as st ...

Category:Measurement & Metrics
ReviewRecommendPrintVisitReportClaim
BIP 0074:2006: Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001
Issuer: BSI
TagssecurityinfosecBSImetricsmeasurement
Country Multi

This book provides guidance on the implementation of ISMS control requirements for auditing existing control implementations to help organizations preparing for certification in accordance with ISO/IEC 27001:2005 Information security management systems. R ...

Category:Measurement & Metrics
ReviewRecommendPrintVisitReportClaim

T2P RECOMMENDS:

AuditNet logo
AuditNet is an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.

T2P RECOMMENDS:

The BeyeNETWORK provides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.

T2P RECOMMENDS:

IIA Logo

The Institute of Internal Auditors (IIA) is a powerful research and guidance organization focusing on audit principles and processes for business and IT functions. IIA guidance related to information control includes the Global Technology Audit Guide (GTAG) series and the Guide to the Assessment of IT Risk (GAIT) series.