Seamus Tuohy

[This is where you can find NIST Cybersecurity Practice Guides (Special Publication series 1800), NCCoE white papers, one-page technical briefs, and other material about the NCCoE. Search the NCCoE Library...

[BSI - Standards](https://web.archive.org/web/20160920163654/https://www.bsi.bund.de/EN/Publications/BSIStandards/BSIStandards_node.html) [BSI - Technical Guidelines](https://web.archive.org/web/20160920163736/https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TechnicalGuidelines_node.html)

[SANS security incident handling forms](https://www.sans.org/score/incident-forms) are decent and possibly useful for helping an org develop their own incident handling process.

Cases.lu has a decent document describing the [contents of a security policy](https://www.cases.lu/maitriser-la-securite.html) It is in french. It is surprisingly readable when google translated into English. It has some basic baseline...

Starting to think we should start just using wayback machine links from Internet archive since we have had link breakage recently. https://web.archive.org/web/20150528194029/https://rorypecktrust.org/resources/digital-security/digital-risk-assessment/downloads

This issue should be moved to the SAFETAG document creator repository issue cue once it is separated from this repository.

Working on addressing the current linear nature of the audit framework in the [overview overhaul branch](https://github.com/OpenInternet/SAFETAG/tree/overview_overhaul)

In addition we should add "inform staff about process" to the risk assessment process section.

We should also look at [National Information Assurance Training Standard For Risk Analysts ](https://www.cnss.gov/CNSS/openDoc.cfm?f6ATGpTjycJ41ZE3EFtfIw==)

[A decent article on travel operational security](https://sroberts.github.io/2016/01/20/travel-opsec/)