Free/Opensource Tools
- IT GRC Asset Management
Some functions can be used as technical controls for policy enforcement:
OTRS http://www.otrs.com/en/
Redmine http://www.redmine.org/
Mantis http://www.mantisbt.org/
- IT GRC Risk Management
GLPI http://www.glpi-project.org/spip.php
- IT GRC integration with cloud
GRC Stack from Cloud Security Alliance https://cloudsecurityalliance.org/research/grc-stack/
- IT GRC Process Management
Pack from Microsoft - http://www.microsoft.com/en-in/download/details.aspx
More Free Tools:
- The Open Risk & Compliance Framework and Tool - http://www.somap.org/orico/default.html
- OpenFISMA - http://openfisma.org/ (FISMA, NIST RMF)
- Binary Risk Analysis - http://binary.protect.io/app/index.html
- PTA Professional Edition Risk Assessment tool (partially free) - http://www.ptatechnologies.com/
Content Resources
- Common Controls Hub (UCF) - https://commoncontrolshub.com/ (Limited Free, Paid Content)
- Cloud Security Alliance - Consensus Assessments Initiative Questionnaire (CAIQ) - https://downloads.cloudsecurityalliance.org/initiatives/cai/caiq-v3.0.1.zip
- Center for Internet Security (CIS) - https://benchmarks.cisecurity.org/
- CIS Security Metrics - https://benchmarks.cisecurity.org/downloads/browse/?category=metrics
- Policy Templates from SANS - https://www.sans.org/security-resources/policies/
- Unified Compliance Framework - http://unifiedcompliance.com/ (Through GRC vendors)
- Shared Assessments – SIG Questionnaire - https://sharedassessments.org/
- HITRUST CSF (Healthcare) - https://hitrustalliance.net/
- Information Shield (Security Policies) - http://www.informationshield.com
Reference:
1. Extracts have been taken from the IT GRC Workshop, Decision Summit, Delhi 2015, by Ravi Mishra