https://information.rapid7.com/rs/411-NAK-970/images/building-powerful-security-arsenal.pdf
A blog for Security Architects, CISOs and anyone else responsible for protecting their organisation's information assets
Monday, 14 October 2019
Friday, 11 October 2019
Tools to Implement SANS Top 20
A few years out of date, but very cool paper.
https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-1/
Wednesday, 9 October 2019
NIST standards
800-30 - Guide for Conducting Risk Assessments
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
https://csrc.nist.gov/publications/detail/sp/800-39/final
800-53 - Security and Privacy Controls for Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
800-154 - Guide to Data-Centric System Threat Modeling
https://csrc.nist.gov/publications/detail/sp/800-154/draft
800-115 - Penetration Testing
800-60: Volume 1: Guide for Mapping Types of Information and Information Systems to Security Categories
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems
Tuesday, 8 October 2019
Monday, 7 October 2019