A curated list of free cybersecurity risk, governance, and compliance resources.
- Frameworks & Standards - Control frameworks (NIST, CIS, ISO, COBIT) and security standards
- Risk Methods - Quantitative and qualitative risk analysis approaches (FAIR, NIST RMF)
- AI Security & Governance - AI security frameworks, LLM security, model risk management, and governance
- Cloud Security - Cloud infrastructure security, provider resources, and cloud-specific security challenges
- Tools & Libraries - Risk assessment tools, libraries, and GRC platforms
- Threat Modeling - Threat analysis, MITRE ATT&CK, and threat assessment resources
- Data Analysis - Data sources, visualization, and Python/R learning resources
- Vendor & Supply Chain Risk - Third-party and supply chain risk management
- Learning Resources - Training, certifications, books, and courses
- Glossary - Key terms and concepts
- Compliance Automation - Automation frameworks, GRC tools, and continuous compliance
- Information Security Testing - Security testing tools, methodologies, and resources
- Boardroom & Governance - Board reporting, executive guidance, and governance
- Maturity Models - CMMI, FISMA, C2M2, and other maturity frameworks
- News & Information Sources - Cybersecurity news, research, and industry insights
This repository is organized for readability and ease of navigation within GitHub. All resources are curated to be publicly accessible and free or open-source where possible.
For project planning and workflow files, see .github/.