CISO Resource Library
GreenHat-owned guides, control libraries, source-backed analysis, and practical security decision pages for CISOs, founders, operators, and compliance owners. Use these resources to understand the problem, then move into the related free tools when you need an artifact.
Library Model
- Resources explain decisions and operating models.
- Free tools produce questionnaires, matrices, exports, and assessments.
- News and press pages prove public credibility and link back here when action is needed.
Featured CISO Guides
Start with the highest-value GreenHat resources for current CISO search intent, then move into topic areas or tools based on the decision you need to make.
CISO Guide
Quantum Readiness Guide for CISOs
A practical CISO guide to quantum readiness, harvest-now-decrypt-later exposure, cryptographic inventory, crypto agility, vendor readiness, and PQC migration planning.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 2 Guide for Canadian Defence Suppliers
What Canadian defence suppliers need to know about CPCSC Level 2, 98 controls, external assessment readiness, CMMC overlap, and procurement next steps.
GreenHat Security / June 2026
CISO Guide
How to Do a Cybersecurity Risk Assessment
A practical guide for CISOs and security leaders on scope, impact, likelihood, risk registers, 5x5 matrices, treatment decisions, and follow-through.
GreenHat Security / June 2026
Source-Backed Guide
AI Security Questionnaire: Risk Assessment Questions for AI Vendors
A practical GreenHat guide to AI vendor risk questions covering data access, model behavior, retention, logging, governance, and incident response.
Forbes Tech Council / June 2026
AI Security
Guides for AI vendor diligence, agentic AI risk, identity protection, and governance reviews.
Source-Backed Guide
AI Security Questionnaire: Risk Assessment Questions for AI Vendors
A practical GreenHat guide to AI vendor risk questions covering data access, model behavior, retention, logging, governance, and incident response.
Forbes Tech Council / June 2026
Research
Agentic AI Security Guide for AI Agents and Vendor Risk
A practical guide to delegated access, browser agents, prompt injection, tool permissions, AI vendor review, human approval, and identity governance.
GreenHat Security / June 2026
Research
DIRF: Digital Identity Protection and Clone Governance
GreenHat guide to the DIRF paper on digital identity rights, clone governance, impersonation, consent, traceability, and identity monetization.
ArXiv / June 2026
Canada, CPCSC, and Critical Infrastructure
Canadian regulatory, procurement, and control-library resources for security leaders.
CISO Guide
Bill C-8 for Critical Infrastructure CISOs in Canada
A practical CISO briefing on Canada's Bill C-8, critical cyber systems, incident reporting, supply-chain risk, and board-ready next steps.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 1 Self-Assessment Guide for Canadian Defence Suppliers
A practical guide and interactive pre-check for CPCSC Level 1, the 13-control annual self-assessment, evidence, CanadaBuys proof, and Level 2 handoff signals.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 2 Guide for Canadian Defence Suppliers
What Canadian defence suppliers need to know about CPCSC Level 2, 98 controls, external assessment readiness, CMMC overlap, and procurement next steps.
GreenHat Security / June 2026
Control Library
CPCSC Level 1 Control Library
Control-by-control guidance for CPCSC Level 1, including formal wording, plain-English meaning, implementation steps, evidence examples, auditor questions, and related controls.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 2 Controls Library
Browse 98 CPCSC Level 2 controls with formal ITSP.10.171 wording, plain-English guidance, implementation steps, evidence examples, auditor questions, and related controls.
GreenHat Security / June 2026
Risk, Vendor, and SOC 2 Readiness
Practical guidance for risk registers, vendor reviews, SOC 2 readiness, and operating controls.
CISO Guide
How to Do a Cybersecurity Risk Assessment
A practical guide for CISOs and security leaders on scope, impact, likelihood, risk registers, 5x5 matrices, treatment decisions, and follow-through.
GreenHat Security / June 2026
Source-Backed Guide
How SOC 2 Has Changed for Startups Preparing for Audit
SOC 2 is no longer a checkbox exercise. Startups need better scope, evidence routines, vendor oversight, and audit independence.
Forbes Tech Council / June 2026
Source-Backed Guide
Build a Security Compliance Program Around Real Controls
Compliance by security means controls operate because the business needs them, not because a checklist needs a screenshot.
Forbes Tech Council / June 2026
CISO Guide
Why Startups Need a Fractional CISO Before Series A
A practical guide to security leadership, vendor reviews, SOC 2 readiness, and risk ownership before the first full-time security executive hire.
GreenHat Security / June 2026
Quantum Readiness
Post-quantum cryptography planning, crypto inventory, vendor readiness, and HNDL risk review.
Turn Guidance Into An Artifact
When a resource gives you the decision path, these tools help you create the questionnaire, matrix, assessment, or requirements map that can move the work forward.
Vendor Risk
Vendor Security Assessment Questionnaire Template
Use before granting privileged access, sensitive data sharing, or critical vendor dependency.
Regulatory Mapping
Cybersecurity and Privacy Requirements for Your Organization
Use when leadership asks which Canadian cyber and privacy requirements apply to the organization.
Risk Register
Cyber Risk Matrix Builder
Use when you need a leadership-ready risk register without inventing a scoring model from scratch.
All Resources
Browse the full GreenHat resource library when you need a specific guide, control library, or source-backed explainer.
Research
DIRF: Digital Identity Protection and Clone Governance
GreenHat guide to the DIRF paper on digital identity rights, clone governance, impersonation, consent, traceability, and identity monetization.
ArXiv / June 2026
Research
Agentic AI Security Guide for AI Agents and Vendor Risk
A practical guide to delegated access, browser agents, prompt injection, tool permissions, AI vendor review, human approval, and identity governance.
GreenHat Security / June 2026
CISO Guide
How to Do a Cybersecurity Risk Assessment
A practical guide for CISOs and security leaders on scope, impact, likelihood, risk registers, 5x5 matrices, treatment decisions, and follow-through.
GreenHat Security / June 2026
CISO Guide
Bill C-8 for Critical Infrastructure CISOs in Canada
A practical CISO briefing on Canada's Bill C-8, critical cyber systems, incident reporting, supply-chain risk, and board-ready next steps.
GreenHat Security / June 2026
CISO Guide
Quantum Readiness Guide for CISOs
A practical CISO guide to quantum readiness, harvest-now-decrypt-later exposure, cryptographic inventory, crypto agility, vendor readiness, and PQC migration planning.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 1 Self-Assessment Guide for Canadian Defence Suppliers
A practical guide and interactive pre-check for CPCSC Level 1, the 13-control annual self-assessment, evidence, CanadaBuys proof, and Level 2 handoff signals.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 2 Guide for Canadian Defence Suppliers
What Canadian defence suppliers need to know about CPCSC Level 2, 98 controls, external assessment readiness, CMMC overlap, and procurement next steps.
GreenHat Security / June 2026
Control Library
CPCSC Level 1 Control Library
Control-by-control guidance for CPCSC Level 1, including formal wording, plain-English meaning, implementation steps, evidence examples, auditor questions, and related controls.
GreenHat Security / June 2026
CISO Guide
CPCSC Level 2 Controls Library
Browse 98 CPCSC Level 2 controls with formal ITSP.10.171 wording, plain-English guidance, implementation steps, evidence examples, auditor questions, and related controls.
GreenHat Security / June 2026
Source-Backed Guide
AI Security Questionnaire: Risk Assessment Questions for AI Vendors
A practical GreenHat guide to AI vendor risk questions covering data access, model behavior, retention, logging, governance, and incident response.
Forbes Tech Council / June 2026
Source-Backed Guide
How SOC 2 Has Changed for Startups Preparing for Audit
SOC 2 is no longer a checkbox exercise. Startups need better scope, evidence routines, vendor oversight, and audit independence.
Forbes Tech Council / June 2026
Source-Backed Guide
Build a Security Compliance Program Around Real Controls
Compliance by security means controls operate because the business needs them, not because a checklist needs a screenshot.
Forbes Tech Council / June 2026
CISO Guide
Why Startups Need a Fractional CISO Before Series A
A practical guide to security leadership, vendor reviews, SOC 2 readiness, and risk ownership before the first full-time security executive hire.
GreenHat Security / June 2026