download

Download free Risk Assessment Audit Program Checklist. This Risk Assessment Audit Program covers detail risk that identified within Risk Analysis process and the audit procedures that should be performed such as risks that:
- Management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary.
- Management has not established business plans and budgets with realistic goals, and incentives for achievement of plans are not balanced.

Download free IT Strategic Direction Audit Checklist. This strategic audit checklist used to review the technological infrastructure plan during IT strategic management. This checklist also review the policies, procedures

Download free Vulnerability Assessment Tools and Checklists. This simple checklist could be used to help every company perform their own assessment for the IT environment and infrastructure

Information Systems Under Attack: Managing Enterprise Risk in Today's World of Sophisticated Threats and Adversaries, NIST, Gaithersburg, MD, July 2, 2008
Ron Ross, National Institute of Standards and Technology

Industrial Control System Security and NIST SP 800-53 Overview, NIST, Gaithersburg, MD, July 2, 2008
Keith Stouffer and Stuart Katzke, National Institute of Standards and Technology

Specific Security Requirements for Industrial Automation and Control Systems: Integrating ISA-99, NIST SP 800-53, and IEC TC65 WG10 (IEC 62443), (16.5 MB)
ISA EXPO 2007, Houston, TX, October 3, 2007.

Download free NIST Special Publication 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security (Second Draft); September 2007.

The final public draft of SP 800-82 is available for public comment. It provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. SP 800-82 provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities