Simple Checklists

The landscape of cyber security solutions is filled with:

• Holy Grails and

• Failures

We are all humans. So for severe problems like mitigating cyber security risks we fall in love with so called ‘Holy Grail’ products. The product capabilities of these product are outlined with vague and difficult marketing buzz. So perfect for managers who lack a solid technical background. Of course you have to trust the vendor since these too-good-to-be-true products are never F/OSS products. This of course to hide the fact that magic solutions do not exist. And security by obscurity is a bad security principle.

Failed security products are doomed when deployed. These products are characterized by:

• a complex setup

• propriety solution and

• complex mandatory maintenance and update processes.
  Too often these product introduces extra risks instead of mitigating risks. Deploying these products can be compared with deliberately installing a large backdoor in your trusted environment.

Checklists help with improving all security management aspects like:

• Developing and improving security architectures and designs.

• Communication. E.g. after a security incident.

• Evaluating quality of solutions.

Collection of Security Checklists

• Dead simple security checklist
• OpenSSF Best Practices Badge
• Reproducible builds
• OWASP Top 10
• Linux workstation security checklist
• API Security Checklist
• Content Security Policy (CSP)
• Checklist Repository(NCP)

• Kubernetes Security- Best Practice Guide, https://github.com/freach/kubernetes-security-best-practice