Skip to content
This repository has been archived by the owner on Jul 17, 2024. It is now read-only.

Latest commit

 

History

History
40 lines (30 loc) · 1.26 KB

README.md

File metadata and controls

40 lines (30 loc) · 1.26 KB
Raw

GRC Engineering Manifesto

Fundamental problems with "Legacy GRC"

  1. <...>
  2. <...>
  3. <...>

Purpose of GRC Engineering

<...>

Values

  • <...>

Principles

  • <...>

References (Temporary - delete before publishing)

Threat Modeling

https://www.threatmodelingmanifesto.org/

  • A culture of finding and fixing design issues over checkbox compliance.
  • People and collaboration over processes, methodologies, and tools.
  • A journey of understanding over a security or privacy snapshot.
  • Doing threat modeling over talking about it.
  • Continuous refinement over a single delivery.

DevSecOps

https://www.devsecops.org/

  • Leaning in over Always Saying “No”
  • Data & Security Science over Fear, Uncertainty and Doubt
  • Open Contribution & Collaboration over Security-Only Requirements
  • Consumable Security Services with APIs over Mandated Security Controls & Paperwork
  • Business Driven Security Scores over Rubber Stamp Security
  • Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
  • 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
  • Shared Threat Intelligence over Keeping Info to Ourselves
  • Compliance Operations over Clipboards & Checklists