Ok so you might think I’m mad with the title but bear with me!

So, the world is in an interesting place, we’ve got a pandemic, we’ve got prolific cyber crime and we have all kinds of different views on how we should tackle this problem.

Now I love a framework and there’s ton’s of them. But the truth is they are complex, detailed, nuanced and generally require a level of nerd that a lot of organistaions do not have.

In 2020 during the pandemic I decided to try and write something to simplify this position, whilst I didn’t want to be too narrow, I wanted to try and capture the breadth of cyber security that is relevent to the general purpose organistaion. I came up with a set of 140 questions which I believe are a good take on things to consider and ask when conducting a security review at a high level. (yes 140 questions is a high level view, this stuff is complex as hell at the detailed end of things, and the devil is in the detail).

So a friend of mine asked me today where I had got to with this, so I decided it has collected virtual dust for too long, here is the first public release of the PwnDefend Cyber Assessment for normies!

https://www.pwndefend.com/wp-content/uploads/2021/05/Cyber-Security-Assessment-Questionaire-for-Normies-v1.pdf

[Update]
Ok so I’ve now ported the assessment questions into an excel document. This was made in 30 minutes or so, so I’m sure there’s areas that can be improved but I wanted to at least get this into the community for feedback. After all it can always be updated.

I really hope this at least sparks people to think about different things, to consider having a security strategy, to conduct designs and to architect with security in mind from the start. I’m open to constructive feedback and i love community involvement so if you have an idea, suggestion or comment please do share!

Thanks to @DirkSchrader_ for nudging me to release this, a good remdinder from him that “perfect is the enemy of good”.

Be safe peoples!

Leave a Reply

Your email address will not be published. Required fields are marked *