GRC

All posts regarding GRC projects.

CIS_Top_18_Controls
Basic writeup on CIS top 18 controls and questions for adapting them to your organisation. Inspired by the GRC Masterclass of Gerald Auger.

ECR Security Flaw Awareness Document
Basic writeup on ECR security flaw with mitigations for security awareness.

Sample_Information_Security_Policy
Basic Information Security Policy based on the NIST 800-53 for a demo organization.