Ok so you might think I’m mad with the title but bear with me!
So, the world is in an interesting place, we’ve got a pandemic, we’ve got prolific cyber crime and we have all kinds of different views on how we should tackle this problem.
Now I love a framework and there’s ton’s of them. But the truth is they are complex, detailed, nuanced and generally require a level of nerd that a lot of organistaions do not have.
In 2020 during the pandemic I decided to try and write something to simplify this position, whilst I didn’t want to be too narrow, I wanted to try and capture the breadth of cyber security that is relevent to the general purpose organistaion. I came up with a set of 140 questions which I believe are a good take on things to consider and ask when conducting a security review at a high level. (yes 140 questions is a high level view, this stuff is complex as hell at the detailed end of things, and the devil is in the detail).
So a friend of mine asked me today where I had got to with this, so I decided it has collected virtual dust for too long, here is the first public release of the PwnDefend Cyber Assessment for normies!
Ok so I’ve now ported the assessment questions into an excel document. This was made in 30 minutes or so, so I’m sure there’s areas that can be improved but I wanted to at least get this into the community for feedback. After all it can always be updated.
I really hope this at least sparks people to think about different things, to consider having a security strategy, to conduct designs and to architect with security in mind from the start. I’m open to constructive feedback and i love community involvement so if you have an idea, suggestion or comment please do share!
Thanks to @DirkSchrader_ for nudging me to release this, a good remdinder from him that “perfect is the enemy of good”.
Be safe peoples!