[Blends-commit] [SCM] privacy branch, master, updated. 21d8971ddf4f9bfe11fcde02e901d3bb0253c7f4

DocOcassi dococassi at boukom.com
Thu Jan 1 15:57:41 UTC 2015


The following commit has been merged in the master branch:
commit c29e038f0669cad9425168a5a211ef1b9e01bdaf
Author: DocOcassi <dococassi at boukom.com>
Date:   Tue Dec 30 01:35:05 2014 +0000

    Added control measures.

diff --git a/doc/Risk.odt b/doc/Risk.odt
index f29a3c6..65c21e6 100644
Binary files a/doc/Risk.odt and b/doc/Risk.odt differ
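Review bot: doc/Risk.odt changes as a binary blob, so nothing in this mail shows what was altered, and the commit message "Added control measures." does not say whether the .odt carries the same control-measure list as doc/index.wiki. Suggest stating in the commit message what changed in Risk.odt, or keeping the risk tables only in the wiki source so the two copies cannot drift apart.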
diff --git a/doc/index.wiki b/doc/index.wiki
index 084a313..75ccc79 100644
--- a/doc/index.wiki
+++ b/doc/index.wiki
@@ -26,41 +26,66 @@ http://anonscm.debian.org/cgit/blends/projects/freedom.git/
 The Git page for edits.
 https://github.com/debian-freedom/debian-freedom.git
 
-== Threat assessment ==
+== Risk Assessment ==
 
-*Task*
+=== Task ===
 Each task (Use Case).
 
-*Hazards*
+=== Hazards ===
 each line will define an individual threat:
-    * Tool Failure  (Your computer hardware/software being exploited)
-    * Tool Theft    (Your computer being stolen)
-    * Theft         (theft of value)
-    * Surveillance  (Spying)
-    * Infiltration  (infiltration into the actual system/protocol)
-    * Manipulation  (Manipulation of Objective)
-
-*Information*
+| Tool Failure | Your computer hardware/software being exploited |
+| Tool Theft   | Your computer being stolen                      |
+| Theft        | Theft of value                                  |
+| Surveillance | Spying                                          |
+| Infiltration | infiltration into the actual system/protocol    |
+| Manipulation | Manipulation of Objective                       |
+
+=== Information ===
 Categories of information that a Hazard could compromise:
-    * Personal      (personal information about family, generally used for Identity theft or blackmail)
-    * Behavioural   (Used for Selling marketing and Spying)
-    * Financial     (Used to denote things with monetary value)
-    * Ideological   (Used to identify political affiliation)
-    * Operational   (used to identify actions and resist pressure)
-    * Private       (information of a sensitive nature)
+| Personal    | Personal information about family, generally used for Identity theft or blackmail |
+| Behavioural | Used for Selling marketing and Spying                                             |
+| Financial   | Used to denote things with monetary value                                         |
+| Ideological | Used to identify political affiliation                                            |
+| Operational | used to identify actions and resist pressure                                      |
+| Private     | information of a sensitive nature                                                 |
 
 
-*Likelyhood*
+=== Likelihood ===
 In an environment with *no* protection the possibility of compromise.
 
 
-*Control Measures*
+=== Control Measures ===
 Based on the Hazard and the Information threatened, define countermeasures to use to mitigate risk.
+| 1  | OS Choice                                | A Secure OS with minimal active exploits                                                    |
+| 2  | Firewall                                 | Protect yourself by blocking direct attacks                                                 |
+| 3  | Anti-virus/Malware                       | Ensure you have Updated and active virus/malware protection, this may be provided by the OS |
+| 4  | Computer Use Training / User Competanccy | When using a computer to acieve tasks safely.                                               |
+| 5  | Cache Purging                            | Ensure any processed information is not left where it can be recovered                      |
+| 6  | Password Safe                            | If you have access passwords/keys, ensure they are stored in a safe location                |
+| 7  | Disk Encryption                          | Protect your sensitive information from being recovered from silenced disks                 |
+| 8  | Transport Encryption                     | Encrypt data during transit, must be to an acceptable* standard                             |
+| 9  | Out of Band Authentication               | Authentication where a shared secret had been securely passed and verified                  |
+| 10 | Authenticated Encryption                 | Encryption that has been secured by an Authenticated secret                                 |
+| 11 | Transport Anonymity                      | A transport to prevent identification of actors communication                               |
+| 12 | Perfect Forward Secrecy.                 | Encryption which ,even if intercepted, cannot be decrypted with any key                     |
+| 13 | Anonymity                                | Communication cannot be identified or authenticated.                                        |
+| 14 | Platform Selection                       | Choice of platform/network to use based on protection given (https://tosdr.org)             |
+| 15 | Authentication                           | Authentication (less strong then OOB?)                                                      |
+| 16 | System Use Training                      | A Specific system needs to give special information to the user                             |
+
+(* If it is good enough for trade agreements.) 
+
+== Tools ==
+
+Tools available brief description and control measures implemented
+| GnuPG      | Public Private key encryption                 | 15, 10         |
+| OTR        | Private communications over instant messaging | 13, 12, 15, 10 |
+| Mix Master | Anonymous Remailer                            | 11,            |
 
 
+== tools ==
 
 
-== tools ==
 
 === Development ===
     
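Review bot: row 12 of the new Control Measures table defines Perfect Forward Secrecy as encryption that "cannot be decrypted with any key", which overstates the property; forward secrecy means that a later compromise of the long-term keys does not expose previously recorded sessions, and the row should say that. Row 13 says anonymous communication "cannot be identified or authenticated", yet the OTR row in the Tools table lists both 13 and 15 (Authentication), so either the definition or the mapping needs adjusting. Smaller points in the added lines: "Competanccy" and "acieve" in row 4, "then OOB?" in row 15, the unclear "silenced disks" in row 7, the trailing comma in "11," for Mix Master, and "acceptable*" in row 8, whose asterisk may be read as emphasis markup given that the page already writes *no* that way. The hunk also leaves two headings of the same name, "== Tools ==" above the new table and "== tools ==" above "=== Development ===", so one of them should be renamed or dropped.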

-- 
Debian Privacy Tools Pure Blend


