compliance - Legal, procedural and policies document templates for operating an IRT

  •        2

This repository contains information and materials to support CSIRT activities and especially regarding legal compliance. This work is co-financed by the European Union under the CEF grant 2016-LU-IA-0098 and CIRCL. Thanks to all the contributors who helped by providing feedback, issues and documents.

https://github.com/CIRCL/compliance

Tags
Implementation
License
Platform

   




Related Projects

GDPR-Transparency-and-Consent-Framework - Technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and privacy - notably the General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018

  •    Javascript

Hosted in this repository are the technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and privacy - notably the General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018. In November 2017, IAB Europe and a cross-section of the publishing and advertising industry, announced a new Transparency & Consent Framework to help publishers, advertisers and technology companies comply with key elements of GDPR. The Framework will give the publishing and advertising industries a common language with which to communicate consumer consent for the delivery of relevant online advertising and content. IAB Tech Lab is charged with the technical governance of these specifications.

Windows10-Privacy - Windows 10 Privacy Guide

  •    

At the end of the setup process, create a local account, don't use Cortana and turn off everything in the privacy settings. If you already installed Windows with the default settings, go to Start > Settings > Privacy to turn them off. You should also go to Account and disconnect your Microsoft account because this guide will prevent it from working properly. Once you get to the desktop, go to Settings > Updates and security, and let it download all the updates. Reboot and repeat until no more updates are available. This is important because Windows Update may interfere with our activities. Now open the Store app, and let it download updates too. Again, this is important because updates would interfere with our activities. This may take some time, and it may even get stuck. If it happens, reboot and try again. Make sure you check for updates several times, because we absolutely don't want it to try and download stuff while we're removing it.

intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol

  •    Python

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.

cordova-plugin-media-capture - Mirror of Apache Cordova Plugin media-capture

  •    Javascript

This plugin provides access to the device's audio, image, and video capture capabilities.WARNING: Collection and use of images, video, or audio from the device's camera or microphone raises important privacy issues. Your app's privacy policy should discuss how the app uses such sensors and whether the data recorded is shared with any other parties. In addition, if the app's use of the camera or microphone is not apparent in the user interface, you should provide a just-in-time notice before the app accesses the camera or microphone (if the device operating system doesn't do so already). That notice should provide the same information noted above, as well as obtaining the user's permission (e.g., by presenting choices for OK and No Thanks). Note that some app marketplaces may require your app to provide just-in-time notice and obtain permission from the user prior to accessing the camera or microphone. For more information, please see the Privacy Guide.

yett - 🔐A small webpage library to control the execution of (third party) scripts

  •    Javascript

We use yett in order to provide GDPR compliant consent-first-analytics, via an UI like below. Blocking execution of analytics script (until consent is given) can be done manually, but the problem is that analytics providers often provide minified code embeds that you have to include in your html as they are. If you want to exercise control over their execution, then you have to tamper with this minified JS yourself, which is complex and does not scale well if you load several 3rd party scripts.


wire - :wavy_dash: Overview of the open source code for Wire

  •    

The privacy page and the privacy and security whitepapers explain the details of the encryption algorithms and protocols used.For licensing information, see the attached LICENSE file and the list of third-party licenses at wire.com/legal/licenses/.

response - Monzo's real-time incident response and reporting tool ⚡️

  •    Javascript

Dealing with incidents can be stressful. On top of dealing with the issue at hand, responders are often responsible for handling comms, both internal and external, reporting, and coordinating the efforts of other engineers. To reduce the pressure and cognitive burden on its engineers, Monzo built Response to help coordinate and report incidents. Limit context switching Context switching during an incident is often unavoidable. Response aims to limit this, by enabling actions to be carried out without leaving the conversation.

privacybadger - Privacy Badger is a browser extension that automatically learns to block invisible trackers

  •    Javascript

Privacy Badger is a browser extension that automatically learns to block invisible trackers. Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web. Privacy Badger sends the Do Not Track signal with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.

gdpr_rails - Rails Engine for the GDPR compliance

  •    CSS

PolicyManager (Aka GDPR RAILS) was created with flexibility in mind to comply with the requirements of the GDPR (General Data Protection Regulation). It's currently being developed at preyproject and will be battle-tested on preyproject.com from May 25th. Portability module lets you define export options, that will generate a navigable static HTML site with all the data you've defined in the portability rules with json support too.

fix-windows-privacy - Fix Windows 10 Privacy

  •    C++

Fix Windows Privacy is a tool to disable privacy breaches on Windows 10. More information and an installer is available on the project's github page at https://modzero.github.io/fix-windows-privacy/.

incident-response-docs - PagerDuty's Incident Response Documentation.

  •    HTML

This is a public version of the Incident Response process used at PagerDuty. It is also used to prepare new employees for on-call responsibilities, and provides information not only on preparing for an incident, but also what to do during and after. See the about page for more information on what this documentation is and why it exists. You can view the documentation directly in this repository, or rendered as a website at https://response.pagerduty.com.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the capabilities like Log management and analysis, File integrity monitoring, Intrusion and anomaly detection, Policy and compliance monitoring.

reclaimprivacy - a tool for scanning Facebook privacy settings and fixing unexpected privacy holes

  •    Javascript

a tool for scanning Facebook privacy settings and fixing unexpected privacy holes

Tails - Live operating system which preserves privacy and anonymity

  •    C

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. Tails relies on the Tor anonymity network to protect your privacy online. It encrypt and sign your emails and documents using the de facto standard OpenPGP either from Tails email client, text editor or file browser.

Iridium Browser - A browser securing your privacy. That’s it.

  •    C

Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers.

macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.

  •    Python

This guide is a collection of techniques for improving the security and privacy of a modern Apple Macintosh computer ("MacBook") and macOS (formerly known as "OS X"). This guide is targeted to “power users” who wish to adopt enterprise-standard security, but is also suitable for novice users with an interest in improving their privacy and security on a Mac.

privacy-respecting - Curated List of Privacy Respecting Services and Software

  •    

Please read the contribution guidelines before contributing. This is a list of various 'free' services whose business models are to collect as much personal data about you as possible and alternatives you can use to them if you care about not losing control of your data and your privacy.

rattlesnakeos-stack - Build your own privacy and security focused Android OS in the cloud on a continuous basis with OTA updates

  •    Go

RattlesnakeOS is a privacy and security focused Android OS for Google Pixel phones. RattlesnakeOS was created initially as an alternative to CopperheadOS, a security hardened Android OS created by Daniel Micay, after it stopped being properly maintained back in June 2018. To be clear, this project is not attempting to add or recreate any of the security hardening features that were present in CopperheadOS. Instead, it is looking to fill a gap now that CopperheadOS is no longer available in its previous form, as there are no real alternatives that provide the same level of privacy and security.

diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response

  •    Python

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers.

TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  •    Javascript

TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundred of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity on proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.