https://github.com/juju4/security-recon-survey-docs

introductory or reconnaissance security survey

README
These documents are introductory or reconnaissance security surveys for internal departments or partners, projects and vendors.
They are a light start to initiate contact when security conditions are not pre-existing or are at a low level.

They do not replace further assessments, which should take place once contacts are identified and the seeds of collaboration are there. Transparency and good communication are key to a good discussion.
Also remember that the required level of security depends on the risks involved. But in a deeply interconnected world, a certain minimal level is required. One approach is to define a scale of risk and a scale of security with corresponding assessments (from survey to on-site visit and technical audit). Ideally, the scale is re-evaluated on a regular basis to improve the global level.

## Example follow-ups for internal units and partners

* [Google VSAQ, Vendor Security Assessment Questionnaire](https://security.googleblog.com/2016/03/scalable-vendor-security-reviews.html)
* Random regular audits, be it of infrastructure, service or application depending on context
* Regular discussions and reviews of past incidents, metrics and what can be improved
* Shared exercises, table-tops and simulations

## References

* [NIST Cyber Security Framework](https://www.nist.gov/cyberframework)
* [Peer Collaboration – The Next Best Practice for Third Party Risk Management, RSA2015](https://www.rsaconference.com/writable/presentations/file_upload/grm-f02-peer-collaboration-the-next-best-practice-for-third-party-risk-management.pdf)
* [PwC Viewpoint on Third Party Risk Management, Nov 2013](https://www.pwc.com/us/en/risk-assurance-services/assets/pwc-viewpoint-vendor-risk-management.pdf)

### Cloud

* [Cloud Computing Risk Assessment, ENISA, 2009](https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment)
* [Cloud Controls Matrix v3.0.1 (10-6-16 Update)](https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/)
* [Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)](https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/)