security-alliance / frameworks

Official repository for the Security Frameworks by SEAL. Currently under development, not a release.
https://frameworks.securityalliance.org

Should we add a priority pyramid scheme (or something like it)? #54

Open mattaereal opened 2 months ago

mattaereal commented 2 months ago

What content are you looking to add?

Assign Priority Levels: Categorize the content into different priority levels based on their importance. Examples:

  1. Level 1: Fundamental Practices (essential for everyone, foundational security)
  2. Level 2: Intermediate Practices (important, but builds on the fundamentals)
  3. Level 3: Advanced Practices (critical for more complex or high-risk environments)
  4. Level 4: Top Priority Practices (for highly sensitive environments, must-have for critical infrastructure)

Why do you think it is important?

It would make people understand what they should do first, and distinguish, among all the guidelines, what's urgent and what can be an edge-case situation.

Imagine wanting to secure a GitHub organization. The priorities should be:

  1. Enforce 2FA without SMS for all members' logins (be it a GH account or something like Google)
  2. Use least privilege access (don't give people permissions they don't need)
  3. Monitor / Audit Activity
  4. Protect sensitive repos / branches

All of these are a super high priority, and on the other side, you have things like backing up critical repositories or using private repositories.

Can you cite resources where to base the content from?

I don't have any good resources for this.
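To make the proposed ordering concrete, below is an added example (not code from the SEAL frameworks repository or from the issue author) that audits a snapshot of GitHub organization settings and tags each finding with the priority rank used in the comment above (1 = 2FA, 2 = least privilege, 4 = protected branches, 5 = the lower-tier items such as private repositories). The snapshot is constructed test data shaped like the GitHub REST API responses named in the comments; `MAX_ADMINS`, the org and user names, and the repository names are assumptions for illustration. Priority 3 (monitoring / audit activity) is not checked because it is not visible in a settings snapshot, and the REST API does not report which 2FA method a member uses, so the "without SMS" requirement has to be verified by policy rather than by this script.

```python
"""Offline audit of a GitHub organization against the priority ordering in the issue.

Added example. SNAPSHOT is constructed data shaped like these REST API responses:
  org                  -> GET /orgs/{org}                (two_factor_requirement_enabled)
  members_2fa_disabled -> GET /orgs/{org}/members?filter=2fa_disabled
  members_admin        -> GET /orgs/{org}/members?role=admin
  repos[*].protection  -> GET /repos/{o}/{r}/branches/{default_branch}/protection (or null)
  repos[*].collaborators -> GET /repos/{o}/{r}/collaborators (permissions object)
"""
from __future__ import annotations

import json
from dataclasses import dataclass

MAX_ADMINS = 2  # assumed threshold for "too many org owners"; tune per organization

# Constructed snapshot, not real data.
SNAPSHOT = json.loads(r"""
{
 "org": {"login": "example-org", "two_factor_requirement_enabled": false},
 "members_2fa_disabled": ["carol"],
 "members_admin": ["alice", "bob", "carol", "dave"],
 "repos": [
  {"name": "wallet-contracts", "private": true, "default_branch": "main",
   "protection": {"required_pull_request_reviews": {"required_approving_review_count": 2},
                  "enforce_admins": {"enabled": true}},
   "collaborators": [{"login": "erin", "permissions": {"admin": true, "push": true, "pull": true}}]},
  {"name": "deploy-scripts", "private": false, "default_branch": "main",
   "protection": null,
   "collaborators": []}
 ]
}
""")


@dataclass(frozen=True)
class Finding:
    priority: int  # 1 = fix first, following the ranking proposed in the issue
    subject: str   # org, user or repository the finding applies to
    detail: str


def audit(snapshot: dict) -> list[Finding]:
    """Return findings sorted so the most urgent item comes first."""
    findings: list[Finding] = []
    org = snapshot["org"]

    # Priority 1: 2FA. Org-wide enforcement plus any member still without it.
    if not org.get("two_factor_requirement_enabled"):
        findings.append(Finding(1, org["login"], "2FA is not required for members"))
    for login in snapshot.get("members_2fa_disabled", []):
        findings.append(Finding(1, login, "member has no 2FA enabled"))

    # Priority 2: least privilege. Too many owners, or repo-level admin grants.
    admins = snapshot.get("members_admin", [])
    if len(admins) > MAX_ADMINS:
        findings.append(Finding(2, org["login"],
                                f"{len(admins)} org owners (>{MAX_ADMINS}): {', '.join(sorted(admins))}"))

    for repo in snapshot["repos"]:
        for collab in repo.get("collaborators", []):
            if collab.get("permissions", {}).get("admin"):
                findings.append(Finding(2, repo["name"],
                                        f"collaborator {collab['login']} has repository admin"))

        # Priority 4: protect sensitive branches. Default branch must require
        # reviews and the rules must also bind admins.
        protection = repo.get("protection")
        if protection is None:
            findings.append(Finding(4, repo["name"],
                                    f"default branch {repo['default_branch']} has no protection"))
        else:
            reviews = protection.get("required_pull_request_reviews") or {}
            if reviews.get("required_approving_review_count", 0) < 1:
                findings.append(Finding(4, repo["name"], "no required pull request reviews"))
            if not (protection.get("enforce_admins") or {}).get("enabled"):
                findings.append(Finding(4, repo["name"], "branch protection not enforced for admins"))

        # Lower tier in the proposal: private repositories.
        if not repo.get("private"):
            findings.append(Finding(5, repo["name"], "repository is public"))

    return sorted(findings, key=lambda f: (f.priority, f.subject, f.detail))


def next_action(findings: list[Finding]) -> Finding | None:
    """The single most urgent thing to fix, or None when the snapshot is clean."""
    return findings[0] if findings else None


if __name__ == "__main__":
    for f in audit(SNAPSHOT):
        print(f"P{f.priority}  {f.subject:18} {f.detail}")
```

The ordering is what the proposal asks for: every 2FA gap sorts ahead of every permissions finding, which in turn sorts ahead of branch-protection gaps, and the public-repository note lands last. Feeding the script real data means replacing `SNAPSHOT` with the output of the listed API calls (for example via `gh api`), which requires an org-owner token for the 2FA fields.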