securityinnovation / security-best-practices
A Security and Privacy Guide for non-technical users
License: Other
There should be definitions of some terms that aren't readily apparent, or used specific to this document. They should be linked within content.
A full review of content by another reviewer
The Travelling Safely page needs to be restructured. Right now it covers too many topics and is kind of confusing.
Needs rewriting; doesn't work for this section.
Full Content review by a peer
Add details to Android page about disabling GPS as we link to it from the GPS page.
There really should be a ton more stuff to add to this.
Once moved to the SI branch I'll start embedding the videos.
There should be definitions of some terms that aren't readily apparent, or used specific to this document. They should be linked within content.
reread all pages to ensure any mention of "Tips" is changed to "Best Practices"
Received a question from a non-technical user on which VPN software to use on a Mac. It is good that they are asking questions; it means they are reading the guide.
Add more details to the VPN section on products and recommendations.
We should have a page on how to use BitLocker and FileVault 2.
I also would love to recommend a cross-platform solution, but TrueCrypt is the only one that ever worked well, and it's been "deprecated." Are there other ones out there?
So right now the threat section of each area is basically a mishmash of general threats to a topic (The Android page is a particularly good example). I like the idea of having the following structure.
# <Topic Name>
## General Threats
This should be general threats to a device. E.g. Android devices experience OS version fragmentation, mobile phones can be virus vectors, blah blah.
## Threats and Mitigations
This should be a list of threats and their corresponding solutions. E.g.
### Android OS Vulnerable to Known Attacks
**Description:** Google regularly provides important security updates to Android, especially to prevent known attacks against Android devices.
**Mitigation:** Regularly check that your phone is updated to the latest version blah blah
### Device Stolen
**Description:** If your phone is ever stolen or confiscated it can be trivial for an attacker to retrieve your files from the phone.
**Mitigation:** Enable encryption on the device.
## Tips
* Bulleted list of general advice that maybe don't directly mitigate a threat or mitigate multiple threats
## Additional Resources
* Bulleted list of additional resources on the topic
Current license (I believe) puts this content in the public domain. Consider adopting a different license. We may want to prevent commercial use, require attribution, etc. https://wiki.creativecommons.org/wiki/Considerations_for_licensors_and_licensees
All of the resources out there on BYOD security are for the employer. We should add a page with considerations for regular users.
What are the implications of using my personal device at work?
What do the MDMs do and how do they impact my use / safety?
What will my employer be able to see?
Create an image security page for discussing how metadata can reveal sensitive information including geolocation.
If this is to turn into a book an interesting anecdote would be great to add to each section
The Browser Security page probably should be restructured: https://github.com/MrVaughan/Security-Best-Practices/wiki/Browser-Security
I am concerned that if we're going to be distributing this best practices document, we should be making strong product recommendations. Just saying Chrome is the best is probably not sufficient, and will get all the Mozilla fanboys mad at us. We might want to say that Chrome sandboxes things better and has its own Flash binary instead of Adobe's. Also, is Microsoft Edge that bad? Or even IE11 in terms of security? This is why I'm leery of recommending a specific product.
Also, why this? "Use incognito mode to do browsing sensitive sites"
Is it because it won't store the cookies? Maybe expand and explain why.
Get an industry peer outside of SI to review the first draft.
The https://github.com/MrVaughan/Security-Best-Practices/wiki/Backups page deviates from other pages by calling the heading "Easy Solution" vs. "Solutions."
I get why you did that, as you wanted to call out that this was less than ideal, but it's jarring to the reader. I would change it.
All first round pages need to be written.
Consider adding this page at a later date.
The "Social Engineering" page is too colloquial and is written in a style that doesn't match the other pages. I would change some of the words and reorganize it to match.
This guide has the potential to be awesome enough that we should consider moving the content to its own domain and using MediaWiki (or equivalent).
For each section add additional external resources for more information.
For each "Do this" mentioned in the guide, write a step-by-step how-to guide for each item.
Currently we have a "Mac" page and a "Windows" page. One of them refers to the hardware, while the other one refers to the operating system. I would suggest changing the Windows page to "PC", to be consistent.
I was going to suggest changing the Mac page to OS X, but then realized our target audience might not realize that's the operating system that runs on Macs.
We talk about iMessage in the SMS page, but maybe we want to mention it in the Chat page? Since it's kind of a hybrid SMS and chat application.