-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy path_toc.yml
More file actions
149 lines (137 loc) · 5.61 KB
/
_toc.yml
File metadata and controls
149 lines (137 loc) · 5.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
format: jb-book
root: introduction
parts:
- caption: Prevention
chapters:
- file: prevention/prevention
- file: prevention/architecturesteps
- file: prevention/simple-checklists
sections:
- file: prevention/nocx-security-checklist
- file: prevention/foss-securitycriteria
- file: prevention/reproduciblebuilds
- file: prevention/owasp-top10-checklist
- file: prevention/openSSF-scorecard
- file: prevention/linux-securitychecklist
- file: prevention/mvsp
- file: prevention/api-security-checklist
- file: prevention/csp-checklist
- file: prevention/ncp-checklists
- file: prevention/evalFOSS
- file: prevention/conciseguidefordeveloping
- file: prevention/ransomware
- file: prevention/osps-checklist
- file: prevention/simplesolutions
- file: prevention/hardening
- file: prevention/securitystandards
sections:
- file: prevention/cors
- caption: Protection
chapters:
- file: protection/security-policies
sections:
- file: protection/security-guidelines
- file: protection/iso27001
- file: protection/mattermost-security-policy
- url: https://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=2810&s=1A
title: Example of NASA
- url: https://www.vupune.ac.in/images/IT-Policies/VU_HR-IS_Policy_Ver_10.pdf
title: Example of an university
- url: https://www2.gov.bc.ca/assets/gov/british-columbians-our-governments/services-policies-for-government/information-management-technology/information-security/isp_v4.pdf
title: Example of a government
- url: https://www.etsi.org/deliver/etsi_tr/103300_103399/10330501/04.01.02_60/tr_10330501v040102p.pdf
title: ETSI Critical Security Controls for Effective Cyber Defence
- url: https://canso.org/publication/air-traffic-management-cybersecurity-policy-template/
title: Air Traffic Management Cybersecurity Policy Template
- file: protection/security-classifications
sections:
- url: https://security.berkeley.edu/data-classification-standard
title: Data Classification Standard (Berkeley)
- file: protection/dataclassification-example1
- file: protection/vulnerabilities-search
- file: protection/security-management
- url: https://nocomplexity.com/documents/securitysolutions
title: Security Solutions
- caption: Architecture
chapters:
- file: architecture/frameworks
- file: architecture/reference-architecture
- file: architecture/securitymodels
- file: architecture/attack-vectors
sections:
- file: architecture/common-attackvectors
- file: architecture/supplychainattacks
- url: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
title: CWE Top 25 Most Dangerous Software Weaknesses
- url: https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html
title: CWE Most Important Hardware Weaknesses
- file: architecture/threadmodels
sections:
- file: architecture/stride
- url: https://security.cms.gov/learn/cms-threat-modeling-handbook
title: Threat Modeling Handbook
- url: https://www.first.org/cvss/specification-document
title: CVSS
- url: http://securitycards.cs.washington.edu/index.html
title: Security Cards
- url: https://resources.sei.cmu.edu/library/Asset-view.cfm?assetid=51546
title: OCTAVE Approach
- url: https://github.com/kubernetes/sig-security/blob/main/sig-security-external-audit/security-audit-2019/findings/Kubernetes%20Threat%20Model.pdf
title: Kubernetes Threat Model
- url: https://github.com/a13xp0p0v/linux-kernel-defence-map
title: Linux Kernel Defence Map
- file: architecture/securityprinciples
sections:
- file: architecture/mozilla_securityprinciples
- file: architecture/mozilla-dataprivacy-principles
- file: architecture/NCSC-designprinciples
- file: architecture/NCSC-zerotrustprinciples
- file: architecture/NCSC-securecommunication
- file: architecture/saltzer_designprinciples
- file: architecture/ms-zt-principles
- file: architecture/nocxprinciples
- url: https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns
title: Security architecture anti-patterns
- caption: Learning
chapters:
- file: learning/securitycourses
- file: learning/cybercourses
- file: securitylibrary/overview
title: Open Security Library
sections:
- file: securitylibrary/architectureandfoundational
- file: securitylibrary/cryptography
- file: securitylibrary/iot
- file: securitylibrary/privacy
- file: securitylibrary/riskmanagement
- file: securitylibrary/securecoding
- file: securitylibrary/securitytesting
- file: securitylibrary/softwareengineering
- file: learning/secure-coding
- file: learning/softwaretesting
- file: learning/trustedcomputing
- file: learning/security-references
sections:
- file: learning/cryptography
- file: learning/researchlabs
- file: learning/vulnerabilitymanagement
- url: https://nocomplexity.com/cybersecurity-conferences/
title: Security Conferences
- caption: Key Resources
chapters:
- file: generatedfiles/foundations
- file: references/governments
- file: references/securitystandards
- file: references/vulnerabilitydatabases
- file: generatedfiles/securitybydesign
- file: references/specialattacks
- caption: About
chapters:
- file: help
- file: open
- file: contributing
- file: aboutthisguide
- file: bio
- file: license
- file: sponsors
- file: about