NIST Special Publication 800-30 Rev. 1 provides structured guidance for conducting cybersecurity risk assessments across information systems and organizations. It supports decision-making at all levels of the risk management hierarchy by outlining methodologies to identify threats, vulnerabilities, impacts, and residual risks. The guide complements NIST SP 800-39 and serves as a foundational reference for integrating risk assessment into enterprise-wide risk management and security control selection.
Operational and Compliance Training
Access a wealth of resources including articles, whitepapers, tools, and guides to support your learning.
- Risk Management
#StopRansomware Guide: Prevention and Response Best Practices
- Published date:
- Author: Cybersecurity and Infrastructure Security Agency (CISA)
This guide from CISA, MS-ISAC, NSA, and the FBI provides actionable best practices for preventing and responding to ransomware and data extortion attacks. It includes two core parts: (1) prevention guidance based on common attack vectors, including credential compromise and social engineering, and (2) a detailed response checklist with detection and threat hunting steps. The guide aligns its recommendations with CISA’s Cross-Sector Cybersecurity Performance Goals and highlights the evolving tactics of ransomware actors, including double extortion. Ideal for IT and cybersecurity professionals across sectors.
- Data Protection and Privacy
Right to Erasure (GDPR) Request Form and Guidance
- Published date:
- Author: GDPR.EU
This resource provides a comprehensive template and legal guidance for submitting a Right to Erasure (Right to be Forgotten) request under Article 17 of the General Data Protection Regulation (GDPR). It includes a structured form to facilitate data subject requests, outlines the legal basis and exceptions for erasure, and explains when organizations are obligated—or allowed to refuse—to erase personal data. Ideal for both individuals seeking to exercise their data rights and organizations aiming to streamline compliance with GDPR obligations.
- Compliance Standards
European Cybersecurity Skills Framework (ECSF): Defining Roles, Skills, and Competencies Across the EU
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
The European Cybersecurity Skills Framework (ECSF), developed by ENISA, is the EU’s official reference model for identifying and articulating cybersecurity professional roles and the skills, knowledge, and competencies they require. Featuring 12 role profiles, practical mappings to ESCO, NIS2, and AI domains, and a comprehensive user manual, the ECSF supports workforce planning, training design, skills attestation, and policy alignment. Widely adopted by public and private stakeholders, it underpins the Cybersecurity Skills Academy and contributes to closing the cybersecurity talent gap across the EU.
- Data Protection and Privacy
GDPR Compliance Checklist for Data Controllers
- Published date:
- Author: GDPR.eu
This practical GDPR checklist offers a comprehensive overview of key compliance areas for data controllers, including lawful data processing, data security, accountability, and privacy rights. Designed to help organizations of all sizes reduce risk and improve data protection practices, it provides actionable steps—from conducting impact assessments to managing data subject rights. While not legal advice, it serves as a valuable reference for navigating GDPR obligations and strengthening compliance posture.
- Compliance Standards
Streamlining Regulatory Obligations: ECSO Action Plan for EU Cybersecurity Alignment (2025)
- Published date:
- Author: European Cyber Security Organisation (ECSO)
Published by the European Cyber Security Organisation (ECSO) in July 2025, this Action Plan offers a roadmap to harmonise cybersecurity regulatory requirements across the EU. Focusing on incident reporting, risk management, supply chain security, and audit practices, it presents actionable recommendations to improve cross-border coordination and reduce administrative burden—particularly for SMEs. Developed through stakeholder consultations, the plan supports a more resilient, efficient, and strategically autonomous cybersecurity environment in Europe.
- Compliance Standards
ENISA Technical Implementation Guidance for NIS2 Directive
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
This ENISA report offers technical guidance to help entities in the digital infrastructure, ICT service management, and digital provider sectors comply with the NIS2 Directive. It maps out the security requirements set by Regulation (EU) 2024/2690 and provides practical advice, suggested evidence, and examples to assist organizations in implementing those requirements. It is specifically aimed at private sector entities and covers topics such as risk management, incident management, certification and standards, and skills and competences.
- Compliance Standards
Acceptable Use Policy (AUP) – Framework, Templates, Best Practices, and Common Pitfalls
- Published date:
- Author: ISO-Docs
This resource explores the development and implementation of an Acceptable Use Policy (AUP) aligned with the ISO/IEC 27001:2022 standard. It outlines the purpose, scope, acceptable and prohibited uses, user responsibilities, enforcement measures, and review procedures essential for integrating the AUP into an organization’s Information Security Management System (ISMS). The document highlights the benefits of a strong AUP, such as risk reduction, improved user accountability, regulatory compliance, and enhanced operational efficiency. It also identifies common drafting and implementation pitfalls to avoid and offers practical guidance on stakeholder involvement, training, communication, and policy maintenance. Importantly, the resource includes customizable templates to help organizations develop ISO-compliant AUPs efficiently and effectively. Ideal for IT managers, CISOs, compliance teams, and security professionals.
- Compliance Standards
Digital Operational Resilience Act (DORA) for the Financial Sector
- Published date:
- Author: European Parliament and Council of the EU
This EU Regulation, formally known as Regulation (EU) 2022/2554, enacts the Digital Operational Resilience Act (DORA)—a comprehensive legal framework designed to enhance the digital operational resilience of financial entities across the European Union. Published in the Official Journal on 27 December 2022 (OJ L 333), DORA introduces unified requirements for managing ICT-related risks, testing resilience, reporting major ICT-related incidents, and overseeing third-party ICT service providers within the financial sector. The regulation became applicable on 17 January 2025 and applies directly across all EU Member States, harmonizing previously fragmented ICT risk regulations and strengthening the EU’s financial system against cyber threats and operational disruptions.
- Data Protection and Privacy
Data Processing Agreement (DPA) Template for Controllers and Processors
- Published date:
- Author: GDPR.EU
This Data Processing Agreement (DPA) template is a customizable legal tool designed to help organizations comply with the EU General Data Protection Regulation (GDPR) when outsourcing services involving personal data processing. It formalizes the relationship between a Data Controller and a Data Processor, outlining roles, responsibilities, and legal obligations related to data protection, including data breach notification, subprocessing, data subject rights, audit rights, and cross-border data transfers. Suitable for businesses of all sizes, the DPA ensures that personal data is processed securely, lawfully, and transparently in accordance with EU data protection standards.