# Simple Checklists

The landscape of cyber security solutions is filled with:

- Holy Grails and
- Failures
We are all human. So for severe problems like mitigating cyber security risks we fall in love with so-called 'Holy Grail' products. The capabilities of these products are described in vague and hard-to-verify marketing buzzwords, which makes them perfect for managers who lack a solid technical background. Of course you have to trust the vendor, since these too-good-to-be-true products are never F/OSS products. Keeping them closed hides the fact that magic solutions do not exist, and security by obscurity is a bad security principle.
Failed security products are doomed from the moment they are deployed. These products are characterised by:

- a complex setup,
- a proprietary solution, and
- complex mandatory maintenance and update processes.
Too often these products introduce extra risks instead of mitigating them. Deploying such a product can be compared with deliberately installing a large backdoor in your trusted environment.
Checklists help with improving all security management aspects, such as:

- Developing and improving security architectures and designs.
- Communication, e.g. after a security incident.
- Evaluating the quality of solutions.
# Collection of Security Checklists

- Dead simple security checklist
- OpenSSF Best Practices Badge
- Reproducible builds
- OWASP Top 10
- OpenSSF Scorecard
- Linux workstation security checklist
- Minimum Viable Secure Product
- API Security Checklist
- Content Security Policy (CSP)
- Checklist Repository(NCP)
- Evaluating Open Source Software
- Checklist for Developing More Secure Software
- Ransomware Checklist
- Kubernetes Security Best Practice Guide (freach/kubernetes-security-best-practice)