Where every claim in SecProve
comes from.
A dense reading catalog. Every claim is footnoted. Sort by source, filter by pillar, type, or recency. Built for analysts who want to see what we are standing on.
International standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Test your knowledge · A118 prioritized security controls organized into Implementation Groups (IG1, IG2, IG3). Practical and prescriptive — good for questions about prioritization and which controls matter most for different organization sizes.
Quantitative risk analysis framework. Provides a model for understanding, analyzing, and quantifying information risk in financial terms.
Test your knowledge · A1Guide for applying the RMF to information systems and organizations. Covers categorization, control selection, implementation, assessment, authorization, and monitoring.
Test your knowledge · A1Risk assessment methodology: threat sources, vulnerabilities, likelihood, impact. Complements 800-37. Good for questions comparing quantitative vs. qualitative risk assessment.
Test your knowledge · A1The 7-step RMF (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Questions should test understanding of step sequencing, roles (AO, ISSO, ISSM), and continuous monitoring vs. point-in-time assessment.
Test your knowledge · A1Quantitative risk analysis framework. Decomposes risk into Loss Event Frequency and Loss Magnitude. Questions on translating risk into business terms and comparing to qualitative methods.
Test your knowledge · A1Annual survey of cyber leaders on resilience, workforce, geopolitics, and emerging tech including AI. Excellent for leadership and strategy questions.
Ready to test what you've learned?
Our questions are built directly from these resources. Take a quiz and see how your knowledge stacks up.