# Created: 2015-06-27

Policy:

- ITIL and COBIT

  On the policy side, we might look through one of the common unified IT frameworks to get some ideas. There's one called ITIL that is quite popular; it mostly covers the processes executed by Design-PT today, and could help you ask good questions about how they do what they do. Another framework called COBIT is more on the governance side - decision makers getting engaged at the right levels for better IT. COBIT may help to inform some IT policy creation. In both cases, they are detailed enough for complex organizations with big IT, but don't let that scare you -- the principles are sound, and you can draw what you need from them without drinking the whole pitcher of Kool-Aid. :)

  https://en.wikipedia.org/wiki/ITIL - a bit dry, but gives you an idea of the specific vocabulary.
  http://www.compucom.com/videos/ITIL
  https://www.isaca.org/COBIT/Documents/COBIT5-Introduction.ppt

- Policy starter kit from Kansas State: http://www.k-state.edu/policies/ppm/3400/
- Incident response: https://zeltser.com/cyber-threat-intel-and-ir-report-template/

Security auditing:

- SSL Labs Server Tester
- Shodan
- dnsdumpster.com