SecurityInnovation / Security-Best-Practices

A Security and Privacy Guide for non-technical users
Other
43 stars 9 forks source link

Restructure Pages #16

Closed Zaxim closed 9 years ago

Zaxim commented 9 years ago

So right now the threat section of each area is basically a mishmash of general threats to a topic (The Android page is a particularly good example). I like the idea of having the following structure.

#<Topic Name>

##General Threats
This should be general threats to a device. E.g. Android devices experience OS version fragmentation, mobile phones can be virus vectors, blah blah.

##Threats and Mitigations
This should be a list of threats and their corresponding solutions. E.g.
###Android OS Vulnerable to Known Attacks
**Description:** Google regularly provides important security updates to Android, especially to prevent known attacks against Android devices.
**Mitigation:** Regularly check that your phone is updated to the latest version blah blah

###Device Stolen
**Description:** If your phone is ever stolen or confiscated it can be trivial for an attacker to retrieve your files from the phone
**Mitigation:** Enable encryption on the device

##Tips
* Bulleted list of general advice that maybe don't directly mitigate a threat or mitigate multiple threats

##Additional Resources
* Bulleted list of additional resources on the topic
MrVaughan commented 9 years ago

This is definitely a good idea for some of the device / OS specific ones (android, mac, ios, windows) and maybe a couple others, there are many that are single threat based though and this model might not apply directly. Will do my best to apply this model where appropriate.

MrVaughan commented 9 years ago

The worst offending pages were the iOS and Android pages as well as the mac/windows pages. The iOS and Android ones have been reworked a bit but not the major overhaul that this issue calls for.

Additionally all other pages have been consistently modelled with the Threats; Best Practices; Resources headings. Until significantly more content is added I think the current model will suffice. Closing this issue for now but will consider re-opening for a future release.