Launch Alert: Free ISO 27001 Docs Now Live at GRC Lab!
Inside this Edition
Here’s what we’ve got for you today:
CISA's ticking clock: the U.S. Congress is racing to revive an expiring law.
Discover our new ISO 27001 DOCS section, designed as a reference guide for learners and professionals.
GRC Spotlight
CISA's Ticking Clock – Congress Races to Extend Cyber Defense
As the September 30, 2025, deadline nears for the Cybersecurity Information Sharing Act (CISA), experts warn its expiration could weaken defenses by reducing threat intelligence sharing, risking hacker exploitation. The House has advanced a revised bill, Wimwag, extending protections to 2035 with updated threats and privacy safeguards. Senate Chair Rand Paul’s push to prevent alleged censorship adds hurdles, while leaders stress collaboration benefits despite critiques of slow intel delivery, calling for better trust in partnerships.
Dear Subscribers,
We are excited to announce the launch of our brand-new ISO 27001 Docs section at GRC Lab! Now, you can access a wealth of free documentation to kickstart your journey toward ISO 27001 compliance.
Designed for learners, professionals, and organizations alike, this resource hub will evolve to become your go-to reference for mastering information security management systems.
What’s Inside the ISO 27001 Docs Section?
Our docs cover everything you need to know to get started in the world of Information Security Management Systems. Check out these key areas:
Information Security Fundamentals: Learn the basics of protecting information and of management systems, all grounded in the CIA triad (Confidentiality, Integrity, Availability).
Implementation Project: Get step-by-step guidance to roll out ISO 27001 in your organization.
Annex A: Explore security controls to safeguard your information assets.
Certification Process: Understand the path to achieving and maintaining ISO 27001 certification.
Career: Discover professional certifications like Lead Implementer and Lead Auditor to take your career to the next level.
Why Choose Our Docs?
You can find a ton of information about ISO 27001 online, but it’s often fragmented and time-consuming to piece together. Our new section consolidates everything in one place, saving you effort while delivering clear, actionable insights to simplify your compliance journey.
New YouTube Video
Most of our learners prefer video content over static text. Our latest explanatory video covers the CIA triad: clear, concise and (hopefully) visually appealing. Feel free to have a look and subscribe to our channel.
Test your Knowledge
Today’s question is from the CISM curriculum:
When is it MOST appropriate to use a risk avoidance strategy?
A) When the risk is low frequency and low impact
B) When the risk is high frequency but low impact
C) When the risk is low frequency but high impact
D) When the risk is high frequency and high impact
👉 Think you know the answer? Scroll down for the solution!
Answer: The correct answer is D.
A) For low frequency and low impact risks, avoidance might be an unnecessary overreaction.
B) For high frequency but low impact risks, risk acceptance or mitigation might be more suitable.
C) For low frequency but high impact risks, risk transfer might be more appropriate.
D) For high frequency and high impact risks, avoiding the activity causing the risk is often the best course of action to protect the enterprise.




