Seamus Tuohy
Seamus Tuohy
**Add `name` and `description` fields to risk objects** Risks are currently only represented as a threat/vuln pairing with measures. The lack of a name and description element for specific risks...
**Add a reference object that holds a URL and a description which can be linked to any data object.** *I have a personal preference for a priority on adding support...
Add an option for [vocabularies (from misp-galaxies)](https://github.com/MISP/misp-galaxy/tree/master/vocabularies) to populate an attributes values from if they are present. This would make it far easier to have consistent text values in objects....
Assuming that not all auditors will be technical enough, it may be worth stating some ballpark ideas on when to involve someone who is (and how to negotiate this with...
Having a meeting with each participant to evaluate interests and level of expertise to get them warmed up and involved in the agenda from the outset. (This is obviously contingent...
First technical aid component can be introduced in some cases, when simple technical improvements could significantly improve office’s digital security level (removal of identified viruses, reinstallation of windows in order...
Educational components can be introduced in order to cover the digital security basics, satisfy the team’s expectations and motivate the target group to include digital security practices in their everyday...
In order to ensure the actual implementation of the measures suggested in the audit report and provide real assistance to the organisation (which is the essence of the project) it...
It is very desirable to involve an expert on physical security in order to ensure holistic description of threats and risks, correlating with digital security.