Recently watched a good SANS Webcast about existing standards and their comparison. Authors compare and contrast several well known IT security standards and create a common “Collective Controls Catalog” that tries to include all the best from all standards. Thanks for the authors making this available for the public. Leaving it here. Credit SANS.
The 2022 version of the Collective Risk Model (CRM) is a community driven project. It is the result of numerous conversations between cybersecurity professionals over video conferences, dinners, in the hallways of security conferences, and over countless email exchanges. This is the first official and formal release of a simple, practical model that the community can use as a model for managing cybersecurity risks.