
Arudjreis/manifesto

 
 


GRC Engineering Manifesto

Fundamental problems with "Legacy GRC"

  1. <...>
  2. <...>
  3. <...>

Purpose of GRC Engineering

<...>

Values

  • <...>

Principles

  • <...>

References (Temporary - delete before publishing)

Threat Modeling

https://www.threatmodelingmanifesto.org/

  • A culture of finding and fixing design issues over checkbox compliance.
  • People and collaboration over processes, methodologies, and tools.
  • A journey of understanding over a security or privacy snapshot.
  • Doing threat modeling over talking about it.
  • Continuous refinement over a single delivery.

DevSecOps

https://www.devsecops.org/

  • Leaning in over Always Saying “No”
  • Data & Security Science over Fear, Uncertainty and Doubt
  • Open Contribution & Collaboration over Security-Only Requirements
  • Consumable Security Services with APIs over Mandated Security Controls & Paperwork
  • Business Driven Security Scores over Rubber Stamp Security
  • Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
  • 24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
  • Shared Threat Intelligence over Keeping Info to Ourselves
  • Compliance Operations over Clipboards & Checklists
