Full Safetag Guide Content

Activities

  • This component allows an auditor and host to come to an understanding of the level of access that an auditor will have, what is off limits…
  • Negotiate an agreement with the organization that outlines how an auditor will protect the privacy of the organization and the outcomes of…
  • Incident Response within the context of an audit refers to setting up a procedure for handling incidents during an audit in the event the…
  • This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…
  • This exercise focuses on research into the technical capacity of potential threat actors, including both historical attack data and any…
  • This section provides guidance on creating a realistic audit timeline for your assessment plan.

Activities

  • This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…
  • This exercise focuses on research into the technical capacity of potential threat actors, including both historical attack data and any…

Activities

  • The auditor conducts interviews with various staff members to gather information on the organization's risks and capacity. Q&A sessions are…
  • This additional interview activity is to identify if there are any indicators that the organization may have already been attacked and/or…
  • A monolithic, one-time interview with key staff is not always possible or advisable, but interacting with a variety of staff exposes…

Activities

  • This exercise suggests some targeted online search tools and tricks to gather information leakages from organizations. While many advocacy…
  • This component allows the auditor to quickly identify publicly available resources (such as websites, extranets, email servers, but also…
  • Using online tools as a starting point in assessing the auditee web application is a good way to expand online reconnaissance as well as…
  • DNS stands for Domain Name System. In a nutshell, it translates host names into IP addresses. It provides a way…

Activities

  • The activity aims to assess which kind of informal agreements regarding best practices and security directives are formulated, accessed…
  • The activity aims to understand the organization's internal security policy context, looking for existing policies, understanding how they…
  • The auditor conducts interviews with various staff members to gather information on the organization's risks and capacity. Q&A sessions are…
  • The auditor checks staff devices for updated systems and software, anti-virus and other security capabilities, and identifies software…

Activities

  • Network scanning is a technique used to gather information about devices connected on a certain network. It involves enumerating open ports…
  • This activity helps auditors to test the strength of defenses the organization's network has in place to protect their local area network…
  • Any content that is sent out over the network without encryption is easy to intercept; this includes email, web passwords, and chat messages…
  • This component allows the auditor to work remotely to identify the devices on a host's network, the services that are being used by those…
  • Many wireless routers still use the default password listed in “Router Default Password Search”, meaning that anyone with access to the…
  • VoIP technologies are commonly used nowadays as they provide an alternative, flexible way of communication. With their numerous benefits, from…
  • This component allows the auditor to show the "visibility" of an organization's wireless network to determine how far the organization's…
  • It can be valuable to listen to broadcast wireless traffic at the physical office location, even before knowing anything about the…
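The network-scanning activity above is about enumerating which hosts and ports on the organization's network accept connections. The block below is an added example, not SAFETAG's own tooling: a minimal TCP connect scanner in Python. It assumes no raw-socket privileges (a full three-way handshake per port, so it is noisy but needs no root), and it exercises itself against a throwaway listener on 127.0.0.1 so that it runs offline; the real target host and port list are the auditor's choice and must be covered by the access agreement negotiated earlier.

```python
"""TCP connect() port scanner with an offline self-test.

Added example for the SAFETAG network-scanning activity; not part of the
SAFETAG guide. Only does connect scans (no SYN/raw sockets), so it works
unprivileged. The demo() target is loopback only.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    A RST (ConnectionRefusedError) means a host is there but nothing listens;
    a timeout usually means a firewall silently dropped the SYN ('filtered').
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout / TimeoutError
        return "filtered"
    finally:
        sock.close()


def scan_ports(host, ports, timeout=1.0, workers=64):
    """Scan the given ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host, ports, timeout=1.0):
    """Sorted list of ports that accepted a connection."""
    return sorted(p for p, s in scan_ports(host, ports, timeout).items() if s == "open")


class LocalListener:
    """Throwaway TCP service on 127.0.0.1 so the scanner can be tried offline."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:  # listener closed
                return
            conn.close()

    def close(self):
        self.sock.close()


def demo():
    """Start one listener, scan it plus a port known to be closed.

    Returns (listener_port, closed_port, scan_result) so callers can check
    that the scanner classifies both correctly.
    """
    listener = LocalListener()
    # Bind and immediately release a second ephemeral port: it is now closed.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        result = scan_ports("127.0.0.1", [listener.port, closed_port], timeout=0.5)
    finally:
        listener.close()
    return listener.port, closed_port, result


if __name__ == "__main__":
    lp, cp, res = demo()
    print(f"listener {lp}: {res[lp]}, released port {cp}: {res[cp]}")
```

Keep the worker count and timeout modest on the organization's real network: a connect scan completes a handshake on every open port, which shows up in service logs and can trip intrusion detection, so agree the scan window with the host before running it.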

Activities

  • The auditor checks staff devices for updated systems and software, anti-virus and other security capabilities, and identifies software…
  • Weak and "shared" passwords are prevalent - even after hundreds of well-publicized global password breaches, "password" and "12345" remain…
  • The auditor interviews the staff about their practices, personal devices, software and other security capabilities that they use outside of…
  • During the organizational assessment you will almost certainly come across 3rd party cloud-based service providers being used by the audited…
  • Network scanning is a technique used to gather information about devices connected on a certain network. It involves enumerating open ports…
  • During this component an auditor tours the audit location(s) and flags potential risks related to physical access at that location.
  • Though modern browsers are better at self-updating, and the prevalence of powerful plugins like Flash and Java is slowly declining, it is…

Activities

  • The auditor checks staff devices for updated systems and software, anti-virus and other security capabilities, and identifies software…
  • The auditor checks for the types of mobile devices in the organization and follows a series of steps depending on the different mobile devices…
  • The auditor interviews the staff about their practices, personal devices, software and other security capabilities that they use outside of…
  • FireWire ports and expansion slots can be abused to obtain data that is thought to be encrypted. Any attacker who obtains a running…
  • Weak and "shared" passwords are prevalent - even after hundreds of well-publicized global password breaches, "password" and "12345" remain…
  • This exercise supports the auditor in building an effective dictionary that is customized to an organization. This dictionary can then be…
  • During this component an auditor tours the audit location(s) and flags potential risks related to physical access at that location.
  • Though modern browsers are better at self-updating, and the prevalence of powerful plugins like Flash and Java is slowly declining, it is…

Activities

  • While much of SAFETAG focuses on digital security challenges within and around the office, remote attacks on the organization's website…
  • After scanning and identifying which (if any) vulnerabilities are present within the software and systems of an organization, dig deeper to…
  • Using online tools as a starting point in assessing the auditee web application is a good way to expand online reconnaissance as well as…
  • Organizational websites are often a central part of their work, but resource constraints can leave them vulnerable to a wide variety of…
  • VoIP technologies are commonly used nowadays as they provide an alternative, flexible way of communication. With their numerous benefits, from…
  • Examine configuration files for vulnerabilities using "hardening", or "common mistake" guides found online.
  • Many wireless routers still use the default password listed in “Router Default Password Search”, meaning that anyone with access to the…

Activities

  • Data and meta-data about an organization and its staff is incredibly difficult to keep track of over time, as people or projects use cloud…
  • Have staff rank the impact if different data within the organization was lost, and the impact if various adversaries gained access to that…
  • During the organizational assessment you will almost certainly come across 3rd party cloud-based service providers being used by the audited…
  • Lead staff in an activity where they describe the impact if various devices were destroyed.
  • Lead staff in an activity identifying what critical data (as identified during the Data Assessment) would be available if an adversary…
  • Guide staff through an activity to have them list private data within the organization (e.g. Using the "personal information to keep private…

Activities

  • During this component an auditor tours the audit location(s) and flags potential risks related to physical access at that location.
  • This activity helps the auditor assess the organization's current operational security policies and practices through in-person or remote…
  • This activity seeks to identify potential physical vulnerabilities to an organization's information security practices by documenting the…
  • This activity assists in identifying potential physical security concerns at an organization, particularly when an auditor cannot travel to…
  • It can be valuable to listen to broadcast wireless traffic at the physical office location, even before knowing anything about the…
  • This component allows the auditor to show the "visibility" of an organization's wireless network to determine how far the organization's…
  • The auditor checks staff devices for updated systems and software, anti-virus and other security capabilities, and identifies software…
  • The auditor interviews the staff about their practices, personal devices, software and other security capabilities that they use outside of…

Activities

  • This activity helps to identify the processes that allow the organization to function (publishing articles, payments, communicating with…
  • The pre-mortem strategy was devised to take participants out of a perspective of defending their plans and strategies and shielding…
  • As part of SAFETAG's dedication to building agency and supporting organizational adoption of safer practices, a careful prioritization of…
  • Data and meta-data about an organization and its staff is incredibly difficult to keep track of over time, as people or projects use cloud…
  • Doxing (also "doxxing" or "d0xing", a word derived from "documents" or "docs") consists of tracing and gathering information about someone…

Activities

  • Malware is a common tactic to target organizations. Malware like a Remote Access Trojan (or RAT) can provide an attacker with backdoor…
  • This component covers the tools and procedures required to acquire the image (live or dead, depending on the situation) and securely handle…
  • This component describes how to perform an analysis on captured evidence (e.g. hard drive image or memory dump) without altering the…
  • Incident Response within the context of an audit refers to setting up a procedure for handling incidents during an audit in the event the…
  • This exercise focuses on research into the technical capacity of potential threat actors, including both historical attack data and any…
  • Network scanning is a technique used to gather information about devices connected on a certain network. It involves enumerating open ports…

Activities

  • The pre-mortem strategy was devised to take participants out of a perspective of defending their plans and strategies and shielding…
  • This additional interview activity is to identify if there are any indicators that the organization may have already been attacked and/or…
  • Data and meta-data about an organization and its staff is incredibly difficult to keep track of over time, as people or projects use cloud…
  • These activities build off of a process or data mapping exercise to connect actual processes or assets and data of the organization with…
  • As part of SAFETAG's dedication to building agency and supporting organizational adoption of safer practices, a careful prioritization of…
  • This helps the auditor enumerate threats that the organization is concerned about and the internal priorities of them. At the same time, it…
  • This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…
  • Doxing (also "doxxing" or "d0xing", a word derived from "documents" or "docs") consists of tracing and gathering information about someone…

Activities

  • Schedule and have a follow up call to discuss the audit report. This provides a valuable touch-point for the organization to read the…
  • Make introductions between the host and known resources as needed.
  • Follow up with the host after a few months to check on progress, get long-term feedback and connect with any new resources.
  • Providing a space for anonymous, guided feedback is valuable to gather information about how your audit work and the SAFETAG framework…

Activities

  • As part of SAFETAG's dedication to building agency and supporting organizational adoption of safer practices, a careful prioritization of…
  • This component consists of an auditor sorting their recommendations in relation to the organization's threats and capacity. The auditor…
  • In this component the auditor documents resources that the host may be able to leverage to address the technical, regulatory, organizational…
  • This component consists of an auditor compiling their audit notes and recommendations into a comprehensive set of documents that shows the…
