More results...
Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…
Although the
organisational/business context is clearly relevant and important to information risk and
security management, it is tricky to describe. In my opinion, clause 4 of ISO/IEC 27001 is so succinct that it leaves readers perplexed as to …
For some curious reason, the Statement of Applicability steals the limelight in the ISO27k world, despite being little more than a formality. Having recently blogged about the dreaded SoA, ’nuff said on that.Today I’m picking up on the SoA’s shy …
Thinking about the principles underpinning information risk and security, here’s a tidy little stack of 44 “Hinson tips” – one-liners to set the old brain cells working this chilly mid-Winter morning:Address information confidentiality, integrity and a…
The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as “Our Information Security Management System
conforms to generally accepted good security practices as descri…
Inspired by an insightful comment on LinkeDin from an SC 27 colleague on the other side of the world (thanks Lars!), I spent most of last week updating the SecAware security policy templates and ISO27k ISMS materials.The main change was to distinguish …
I created a Jupyter Notebook to query the crt.sh website, dump the results into a pandas data frame, and then printing out the unique list of results to the screen for OSINT investigations.
Smart OSINT Collection of Common IOC (Indicator of compromise) Types
This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, do…
XRay is a software for recon, mapping and OSINT gathering from public networks.
XRay for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.
How Does it Work?
XRay is a ve…
Automated Vulnerability Scanner for XSS
Written in Python3
Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests.
…