Welcome to the Security Analysis repository! Here, we dive deep into the digital trenches, armed with data collected from a comprehensive survey across various companies. Our mission? To unveil the hidden truths behind cyber security practices, vulnerabilities, and risk management strategies. 💻🔍
1. Software Licensing 📋:
- Do all applications and/or software used in your organization have current licenses?
2. Vulnerability Disclosure 🚨:
- Are controls in place to disclose vulnerabilities in software (commercial or in-house developed)?
3. Server Location 🌐:
- Are all production servers, applications, or supporting software physically located in the data center?
4. IT Continuity and Disaster Recovery 🌪️:
- How many times were the IT continuity and disaster recovery plans (DRP) triggered during the year?
5. Vulnerability Scans 🕵️‍♂️:
- How often do you perform vulnerability scans? (periodicity)
6. Cloud Providers ☁️:
- Number of cloud providers involved in critical or important business processes
7. Patch Management 🔧:
- What is the average time to implement critical patches? (e.g. with a CVSS score of 9 or higher)
8. Web Application Security 🌐:
If the web application is developed in-house:
- Have the developers undergone SDLC security training, including OWASP Top 10 web application vulnerabilities for secure coding practices?
- Does the web application require forms for authentication of user credentials with different authorization levels?
9. Access Control and Privileges 🔐:
- Are administrative privileges granted by business owners in accordance with the principle of least privilege?
10. Impact Assessment 💥:
- How many citizens would this business failure impact?
- Would the consequences to the citizens be catastrophic?
...
Our codebase, fueled by Python magic, churns through the survey data with unparalleled precision. Harnessing the power of analytics, we unlock insights into the cyber security practices of our surveyed companies. Prepare to be dazzled by the revelations we uncover! ✨🚀