Simple Checklists

The landscape of cyber security solutions is filled with:

• Holy Grails and

• Failures

We are all humans. So for severe problems like mitigating cyber security risks we fall in love with so-called ‘Holy Grail’ products. The product capabilities of these products are outlined with vague and difficult marketing buzz. So perfect for managers who lack a solid technical background. Of course you have to trust the vendor since these too-good-to-be-true products are never F/OSS products. This of course to hide the fact that magic solutions do not exist. And security by obscurity is a bad security principle.

Failed security products are doomed when deployed. These products are characterised by:

• a complex setup

• propriety solution and

• complex mandatory maintenance and update processes.
  Too often these products introduce extra risks instead of mitigating risks. Deploying these products can be compared with deliberately installing a large backdoor in your trusted environment.

Checklists help with improving all security management aspects like:

• Developing and improving security architectures and designs.

• Communication. E.g. after a security incident.

• Evaluating quality of solutions.

Collection of Security Checklists

• Dead simple security checklist
• OpenSSF Best Practices Badge
• Reproducible builds
• OWASP Top 10
• OpenSSF Scorecard
• Linux workstation security checklist
• Minimum Viable Secure Product
• API Security Checklist
• Content Security Policy (CSP)
• Checklist Repository(NCP)
• Evaluating Open Source Software
• Checklist for Developing More Secure Software
• Ransomware Checklist

• Kubernetes Security- Best Practice Guide, freach/kubernetes-security-best-practice