Where every claim in SecProve
comes from.

18 prioritized security controls organized into Implementation Groups (IG1, IG2, IG3). Practical and prescriptive — good for questions about prioritization and which controls matter most for different organization sizes.

EU-focused annual threat assessment. Covers ransomware, supply chain, disinformation, state-sponsored threats. Useful counterpoint to US-centric sources.

Seven phases from Reconnaissance to Actions on Objectives. Widely adopted but also widely critiqued (assumes perimeter-centric model). Good for compare/contrast with ATT&CK and Unified Kill Chain.

Annual IR data: dwell time trends, initial access vectors, detection sources. Empirical data from thousands of engagements. One of the few sources for real-world detection/response metrics.

Independent evaluations of security products against real-world attack scenarios. Good for questions about detection coverage, visibility gaps, and evaluation methodology.

Guide to computer security log management. Covers log generation, storage, analysis, and the role of logs in incident response.

Based on real red/blue team assessments. Includes default configurations, improper privilege separation, lack of network segmentation. Excellent for practical scenario questions.

Free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management.

Annual SOC operations survey: alert volumes, MTTD/MTTR, staffing challenges, tool sprawl. Vendor but based on broad survey data across SOC teams.

Annual analysis of real breach data. The gold standard for empirical questions about attack patterns, threat actor motivations, and time-to-detection. Updated annually.