close

What Is Truth to Power?

[+] A research and advisory resource...

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

[+] An open forum and community...

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

[+] A plexus nexus...

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

[+] A rebellion...

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Top Panel
WHAT IS T2P?
Top Panel

Keywords:standard

Rules & Standards RSS
Results 1 - 8 of 8
The Building Security In Maturity Model
Issuer: McGraw, et al.
Country Multi

The Building Security In Maturity Model (BSIMM) is designed to help you understand and plan a software security initiative. BSIMM was created through a process of understanding and analyzing real-world data from nine leading software security initiatives. ...

Category:Maturity Models
ReviewRecommendPrintVisitReportClaim
NIST Performance Measurement Guide for Information Security
Issuer: NIST
TagssecurityinfosecmetricsmeasurementNIST
Country US

This document supports the development, selection, and implementation of measures to be used at the information system and program levels. These measures indicate the effectiveness of security controls applied to information systems and supporting inf ...

Category:Measurement & Metrics
ReviewRecommendPrintReportClaim
SAMATE - Software Assurance Metrics And Tool Evaluation
Issuer: NIST
TagssecurityinfosecNISTSAMATEstandardmetricsFISMA
Country US

This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...

Category:Measurement & Metrics
ReviewRecommendPrintVisitReportClaim
Security Metrics for Process Control Systems
Issuer: Sandia
TagssecurityinfosecmetricsmeasurementSCADA
Country US

This document describes the foundations of metrics, discusses application of these metrics to control system environments, introduces a metrics taxonomy, and suggests usage of metrics to achieve operational excellence. The security metrics work package ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
Quantitative Assessment of Operational Security: Models and Tools
Issuer: CNRS
Tagssecurityinfosecmetricsmeasurement
Country Multi

This paper proposes a novel approach to help computing system administrators in monitoring the security of their systems. This approach is based on modeling the system as a privilege graph exhibiting operational security vulnerabilities and on transf ...

Category:Measurement & Metrics
ReviewRecommendPrintReportClaim
Health IT Test Methods: Draft Test Procedures
Issuer: NIST
TagsNISTHHShealth ITHITtesting
Country US

To encourage a more widespread adoption of interoperable health information technology, The American Recovery and Reinvestment Act of 2009 calls for the Office of the National Coordinator (ONC) for Health IT, in consultation with NIST, to recognize a prog ...

Category:Development & Architecture, Technical
ReviewRecommendPrintVisitReportClaim
NIST SP 800-70 Rev 2: National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
Issuer: NIST
TagsNISTsecuritychecklist
Country US

This document describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program (NCP) to find and retrieve checklists. The publication also describes the policies, procedures, and general requir ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim
NIST Specification for Asset Identification 1.1 (NISTIR 7693)
Issuer: NIST
TagsNISTsecurityasset managementstandardgovernment
Country US

Asset identification plays an important role in an organization's ability to quickly correlate different sets of information about assets. NISTIR 7693 provides the necessary constructs to uniquely identify assets based on known identifiers and/or known in ...

Category:Information & Operational Protection
ReviewRecommendPrintVisitReportClaim

T2P RECOMMENDS:

AuditNet logo
AuditNet is an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.

T2P RECOMMENDS:

The BeyeNETWORK provides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.

T2P RECOMMENDS:

IIA Logo

The Institute of Internal Auditors (IIA) is a powerful research and guidance organization focusing on audit principles and processes for business and IT functions. IIA guidance related to information control includes the Global Technology Audit Guide (GTAG) series and the Guide to the Assessment of IT Risk (GAIT) series.