Seamus Tuohy

This is especially important when the role of an audit could not just lead to slower adoption, but could invalidate the audit findings. When an audit is being led by...

Here is one glossary that might be useful. [Committee on National Security Systems (CNSS) Glossary](https://www.cnss.gov/CNSS/openDoc.cfm?tpYZcPJC5/4lfUDlHCFy4w==)

Most organizations that this focuses on don't have the technical capacity to process any technical content produced. The formatting of that technical content is very time consuming as well. This...

And possibly a [per-training questionnaire for when time is of the esscence](https://saferjourno.internews.org/pdf/SaferJourno_Guide.pdf#page=15)

> When handling a large-scale intrusion, incident responders often struggle with obtaining and organizing the intelligence related to the actions taken by the intruder and the targeted organization. Examining all...

Enjoyed this talk about the importance of writing when doing threat intelligence. I believe there are lessons to be transferred to risk assessment components of the reporting for SAFETAG. [Pen-To-Paper...

E.G. "While already well-stated, it may make sense that cracking a password is an unusal demonstration to be used when there is stark denial of the need for strong passwords...

This would help eliminate the Unicorn problem we are currently facing by making the auditor a facilitator, a threat assessor, and a technologist. This way we could lower the bar...

https://www.sans.org/security-resources/policies/

> Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create...