RESCOR — Security, Governance, Risk Management & Compliance

RESCOR is a security, governance, risk management, and compliance firm. Quantitative risk measurement, agile SGRC, and security testing — delivered through methodologies we developed and have used continuously since 1992.

Browse services Read the STORM white paper (PDF)

Featured

View all resources →

ATRA

Advanced Total Risk Assessment

STORM integrated with AI-driven data collection and a graph-backed risk model. Audit-grade quantitative risk assessments at a fraction of the labor cost of a manual engagement.

STORM

Simplified Total Risk Management

Risk as a number instead of a label — numeric, repeatable, comparable measurements at the information cost of a qualitative assessment.

STORM/RSK White Paper

Published April 2026

The public mathematical foundations of STORM: measurement requirements, the qualitative-to-quantitative transition, and framework mapping to NIST 800-30, OCTAVE, ISO 27005, FAIR, and COBIT.

Friendly Fire

How Your Security Program Makes You Less Secure

The security industry's own orthodoxies — least privilege, maximum controls, qualitative risk — are producing worse outcomes than the threats they address. Here is the evidence.

Guerilla Security

The Martial Art of Information Security, 2026 Edition

Twenty chapters covering the Three Laws, RAPID, STORM, optimal privilege, control friction, and AI governance. The practitioner's reference, in continuous publication since 1994.

StrongCOR

Subscription-model SGRC

Ongoing security, governance, risk, and compliance support at a flat monthly rate. Pick the services that fit your program, adjust as it grows. RAPID cycles on schedule.

Cyber Security

Featured

ATRA

STORM

STORM/RSK White Paper

Friendly Fire

Guerilla Security

StrongCOR

Services & Support

Industry Specialties

Resources

Innovation