[Blends-commit] [SCM] privacy branch, master, updated. 21d8971ddf4f9bfe11fcde02e901d3bb0253c7f4
DocOcassi
dococassi at boukom.com
Thu Jan 1 15:57:42 UTC 2015
The following commit has been merged in the master branch:
commit ad78a5b91c28370c412d0eb8fb0c8588e3aac3e6
Author: DocOcassi <dococassi at boukom.com>
Date: Tue Dec 30 11:19:01 2014 +0000
Still sorting markdown
diff --git a/doc/index.md b/doc/index.md
index e4d518b..c24d6b2 100644
--- a/doc/index.md
+++ b/doc/index.md
@@ -1,4 +1,4 @@
-= Debian-Sanctuary =
+# Debian-Sanctuary
Change name to Debian Sanctuary
@@ -8,7 +8,8 @@ The system will present tasks related to use cases for the user. It will install
I have used a modified risk assessment for identifying the Threats, and Controls Measures, which will in turn identify the tools required: see [[Risk.odt]]
-== links ==
+## links
+
Project home
http://wiki.debian.org/DebianFreedom
@@ -23,13 +24,17 @@ Info Regarding the Pure blends
http://blends.debian.org/blends
-== Risk Assessment ==
+## Risk Assessment
+
+### Task
-=== Task ===
Each task (Use Case).
-=== Hazards ===
-each line will define an individual threat:
+### Hazards
+
+Each line will define an individual threat:
+| Hazard | Description |
+| ---- | ---- |
| Tool Failure | Your computer hardware/software being exploited |
| Tool Theft | Your computer being stolen |
| Theft | Theft of value |
@@ -37,47 +42,52 @@ each line will define an individual threat:
| Infiltration | infiltration into the actual system/protocol |
| Manipulation | Manipulation of Objective |
-=== Information ===
+### Information
+
Categories of information that a Hazard could compromise:
-| Personal | Personal information about family, generally used for Identity theft or blackmail |
-| Behavioural | Used for Selling marketing and Spying |
-| Financial | Used to denote things with monetary value |
-| Ideological | Used to identify political affiliation |
-| Operational | used to identify actions and resist pressure |
-| Private | information of a sensitive nature |
+| Information Type | Description |
+| ---- | ---- |
+| Personal | Personal information about family, generally used for Identity theft or blackmail |
+| Behavioural | Used for Selling marketing and Spying |
+| Financial | Used to denote things with monetary value |
+| Ideological | Used to identify political affiliation |
+| Operational | used to identify actions and resist pressure |
+| Private | information of a sensitive nature |
+
+### Likelihood
-=== Likelihood ===
In an environment with *no* protection the possibility of compromise.
-=== Control Measures ===
+### Control Measures
+
Based on the Hazard and the Information threatened, define countermeasures to use to mitigate risk.
-| # | Control Measure | Description |
-| --- | --- | --- |
-| 1 | OS Choice | A Secure OS with minimal active exploits |
-| 2 | Firewall | Protect yourself by blocking direct attacks |
-| 3 | Anti-virus/Malware | Ensure you have Updated and active virus/malware protection, this may be provided by the OS |
-| 4 | Computer Use Training / User Competanccy | When using a computer to acieve tasks safely. |
-| 5 | Cache Purging | Ensure any processed information is not left where it can be recovered |
-| 6 | Password Safe | If you have access passwords/keys, ensure they are stored in a safe location |
-| 7 | Disk Encryption | Protect your sensitive information from being recovered from silenced disks |
-| 8 | Transport Encryption | Encrypt data during transit, must be to an acceptable* standard |
-| 9 | Out of Band Authentication | Authentication where a shared secret had been securely passed and verified |
-| 10 | Authenticated Encryption | Encryption that has been secured by an Authenticated secret |
-| 11 | Transport Anonymity | A transport to prevent identification of actors communication |
-| 12 | Perfect Forward Secrecy. | Encryption which ,even if intercepted, cannot be decrypted with any key |
-| 13 | Anonymity | Communication cannot be identified or authenticated. |
-| 14 | Platform Selection | Choice of platform/network to use based on protection given (https://tosdr.org) |
-| 15 | Authentication | Authentication (less strong then OOB?) |
-| 16 | System Use Training | A Specific system needs to give special usage information to the user |
-| 17 | Censorship Resistance | |
-| | | |
+| # | Control Measure | Description |
+| ---- | ---- | ---- |
+| 1 | OS Choice | A Secure OS with minimal active exploits |
+| 2 | Firewall | Protect yourself by blocking direct attacks |
+| 3 | Anti-virus/Malware | Ensure you have Updated and active virus/malware protection, this may be provided by the OS |
+| 4 | Computer Use Training / User Competanccy | When using a computer to acieve tasks safely. |
+| 5 | Cache Purging | Ensure any processed information is not left where it can be recovered |
+| 6 | Password Safe | If you have access passwords/keys, ensure they are stored in a safe location |
+| 7 | Disk Encryption | Protect your sensitive information from being recovered from silenced disks |
+| 8 | Transport Encryption | Encrypt data during transit, must be to an acceptable* standard |
+| 9 | Out of Band Authentication | Authentication where a shared secret had been securely passed and verified |
+| 10 | Authenticated Encryption | Encryption that has been secured by an Authenticated secret |
+| 11 | Transport Anonymity | A transport to prevent identification of actors communication |
+| 12 | Perfect Forward Secrecy. | Encryption which ,even if intercepted, cannot be decrypted with any key |
+| 13 | Anonymity | Communication cannot be identified or authenticated. |
+| 14 | Platform Selection | Choice of platform/network to use based on protection given (https://tosdr.org) |
+| 15 | Authentication | Authentication (less strong then OOB?) |
+| 16 | System Use Training | A Specific system needs to give special usage information to the user |
+| 17 | Censorship Resistance | |
+| | | |
(* If it is good enough for trade agreements.)
-== Tools ==
+## Tools
Tools available brief description and control measures implemented, I have just taken this from my limited uderstanding of these systems, and will need further investigation to be sure of these claims.
There are also grades of protection provided by packages, which isn't investigated here, but an implementation of some kind of grading may be useful but also difficult.
@@ -114,11 +124,11 @@ There are also grades of protection provided by packages, which isn't investigat
These are preliminary and there is a definite need to have thouruogh analysis of these tools bassed on their claims.
-== Use Training ==
+## Use Training
The Largest point of failure in all these systems is the user, through misconfiguration of misuse, we need a method to engage the user and their thought process when using these tools. from general computer use to using a specific tool, these should be easily accessible to the user and available from Context of use use, the language must be as clear as possibly and accessibly to users of all levels.
-== Development ==
+## Development
`blends-dev`
Tools to build metapackages from template
--
Debian Privacy Tools Pure Blend
More information about the Blends-commit
mailing list