Policies & Framework References
This section consolidates curated notes on Governance, Risk, and Compliance (GRC), as well as leading associated frameworks, including ISO 27001 and NIST CSF 2.0.
Disclaimer: All linked materials are provided for educational and professional reference purposes. Their use in operational contexts must adhere to organizational policies and authorized procedures. These documents represent internal notes; some interpretations or summaries may not fully reflect official guidance. Users are advised to consult primary sources and exercise professional judgment.
Governance, Risk & Compliance (GRC)
- GRC Overview – Notes on Governance, Risk Management, and Compliance.
ISO 27001
- ISO 27001 — Testing Types – Overview of penetration testing types: external, internal, blind, double-blind, and targeted approaches.
NIST CSF 2.0
- NIST CSF 2.0 — Governance Functions – Description of the six CSF functions: Govern, Identify, Protect, Detect, Respond, Recover, with outcomes.
- NIST CSF 2.0 — Tiers & Evaluation – Explanation of implementation maturity tiers and evaluation criteria.