New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rebuild physical device assessment as a user device activity #268

joncamfield opened this Issue Feb 23, 2017 · 1 comment


None yet
1 participant

joncamfield commented Feb 23, 2017

The physical assessment work would be better as an activity under the user device assessment as a broader method (idea: could also include network scanning and similar work to better take account of decentralized organizations)


This comment has been minimized.


joncamfield commented Aug 28, 2017

A workshop focused on remote assessment revealed that instead, a broader "operational security" method would be valuable for understanding where staff work (remote/home/on travel/separate offices...).

The organizational security methodology is now focused on how to mitigate against threats that occur because of the arrangement of digital assets in the physical world -- how secure are the devices at an organization's office, where and how staff travel with organizational devices, and whether staff work outside of the office (e.g. in remote offices, at their homes, while traveling, or at cafes). Further, is organizational information accessed from personal devices, and how are those devices secured?
Additional activities which can be done remotely have been added.

#287 and #286 address this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment