SAFETAG / SAFETAG

SAFETAG is a curricula, a methodology, and a framework for security auditors working with advocacy groups.
https://www.safetag.org/
MIT License

Owncloud Local Hosting #337

Open hackatom opened 6 years ago

hackatom commented 6 years ago

I've been using OwnCloud as my personal backup and cloud data storage. I have it set up in a way that I can access my local cloud storage remotely via VPN. A lot of features may be helpful in building technological capacity for small organizations that need backup, Mattermost, mail server, PABX, etc.

https://owncloud.com/features

joncamfield commented 6 years ago

For this and #336, these could fit into what we currently have as "recommendations" under each exercise. One project we hope to improve under an upcoming project is better tracking of effective mitigations (e.g. an org with these attributes (large, decentralized, some funding for IT/sec) faced these threats (APT-level actors with a history of attacking this org) and these mitigations were recommended (policy changes, tools x, y, and z, training, etc.)) -- this is where SAFETAG itself ends. With Risk Reduction Plans, we are taking those recommendations and implementing them while taking into account their impact on security and their ease of adoption.

That's a long intro to the fact that "recommendations" are currently embedded in exercises, and face many of the same "1:many" relationship problems as exercises and methods. (I've long dreamed that an "exercise" should have a clear result which can be "fixed" with one or more recommendations, but this may be a level of simplicity which is not possible.)

All of this is to say that these two ideas definitely fit in what we currently have as "recommendations," but perhaps that data structure itself will need to change and be more flexible.

hackatom commented 6 years ago

A set of recommendations that is focused directly on advocacy groups' needs seems a good path. The recommendations embedded within most of the activities are more of a "general" approach, usually what you'll find along with the vulnerability details (e.g., OWASP, NVD, etc.). Also, "ease of adoption" is often one of the greatest challenges. We may implement or deploy "these" technologies, but sooner or later it will require more support than the "usual" support/training we provide during the handoff of these projects. That also is something to be considered.

blazman commented 3 years ago

Coming back to this discussion (via #332) - Currently the Recommendations and Roadmap Development method doesn't contain many specifics on approaches and tools to fix many of the problems identified in the audit. So either we (a) consider consistently building better content in Recommendations sections, (b) build more centralised content in the Recommendations method, or (c) consider some kind of techy relational approach raised by @joncamfield above.