Jon Camfield
Jon Camfield
We currently have a User Device Assessment method, a Network Mapping method, and a Vulnerability Scanning method. As has been discussed in a few fora, part of the "MVA" process...
https://www.eisf.eu/library/security-risk-management-a-basic-guide-for-smaller-ngos/ https://www.eisf.eu/wp-content/uploads/2017/04/EISF_Security-to-go_guide_Module-3_Risk-assessment-tool-2nd-ed.pdf https://www.eisf.eu/wp-content/uploads/2017/04/EISF_Security-to-go_guide_Module-5_NGO-security-coordination-and-other-sources-of-support-2nd-ed.pdf
Under the "classic" SAFETAG, we built a few custom, shared index templates for a minimal audit and a remote-only audit. Once the site is stable, let's recreate those using the...
While potential vulnerabilities to the site are limited, it would still be best practice to provide a security policy and contact path (leveraging github's tools/templates at https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository to do so).
For activities which have specific risks if they are executed poorly, we should find a way to flag this either generically (e.g. "dangerous: yes") or with more nuance (e.g. Risk:...
Per blog: title, preview, read more sidebar: blog titles, by year/month?
- Improve visual separation of activities (adding a horizontal line, changing the header styling to be more distinct, adding styling to the "body" of the activity (indent, left-border, light background...
Pull #392 cleans up the existing SAFETAG Curricula to better match the current flow. Some additional guidance in the introduction on the modularity of SAFETAG, the TRI approach, and providing...
Under the advanced threat method, we suggest an approach: * **In-Depth Analysis** - If malware is discovered, but cannot be identified, further analysis will be necessary. This may also trigger...
In building an audit plan, each Method being used should ideally have at least 3 activities, one from each Tech/Research/Interpersonal "bucket". (This is not always possible). The guide builder should...