Now that the New Year has begun, we’re back in the saddle providing audit checklists and resources that we hope will help auditors and information security professionals in general with their daily jobs. There are a lot of really good resources on the web that we can take advantage of, but the trouble is, who has the time to find them? It turns out we do. And as we find these resources, we hope to make your lives easier by showing you some of the audit resources that are already out there for you.

This last week our focus was on security metrics and organizations that have provided resources on security metrics. More and more when we’re at conference venues, we have students asking us if we have resources on security metrics. Students of the 20 Critical Controls especially have been asking us: who else is providing security metrics? Here are a few for you to consider.

We’ll post a summary again next week – or follow us live at @jamestarala and @isaudit! This week’s tweets are focused on risk management resources and checklists for evaluating risk management programs. We hope you enjoy them.

Security Metric Checklists & Security Guides:

Security Metrics from the 20 Critical Controls

The Center for Internet Security Metrics Guide (Old Link Removed)

ISECOM RAVs (Old Link Removed)

NIST 800-55

NIST IR-7502 (Old Link Removed)

We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know; we’d love to hear your feedback.