Supporting resources and content for cybersecurity Governance, Risk, and Compliance workshops and consulting.

This is a collaborative project by and for GRC professionals. Contact Katin if you would like an invite to collaborate, or just fork this repo and issue a pull request when you have contributions ready.

Here are some resources that could be useful (or have been used) in the creation of the materials here.

Github: PrivacyEngCollabSpace/tools/risk-assessment /FAIR-Privacy/

FAIR Privacy is a quantitative privacy risk framework based on FAIR (Factors Analysis in Information Risk). FAIR Privacy examines personal privacy risks (to individuals), not organizational risks. Included in this tool is a PowerPoint deck illustrating the components of FAIR Privacy and an example based a hypothetical smart lock manufacturer. In addition, an Excel spreadsheet provides a powerful risk calculator using Monte Carlo simulation.

Github: NIST Privacy Risk Assessment Methodology (PRAM)

The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.