SAFETAG (BETA)
Custom guide creator_
Security Auditing Framework and Evaluation Template for Advocacy Groups. SAFETAG is a professional audit framework that adapts traditional penetration testing and risk assessment methodologies to be relevant to smaller non-profit organizations based or operating in the developing world.
Learn MoreMethods
Explore all Safetag Methods
Preparation
This component consists of audit preparation activities that are needed to ensure the components of the audit are able to be conducted effectively and within...
Context Research
This component allows the auditor to identify the relevant regional and technological context needed to provide a safe and informed SAFETAG audit. This component consists...
Capacity Assessment
In this component the auditor engages with staff through both formal interviews and informal conversations to identify the organization's strengths and weakness (expertise, finance, willingness...
Reconnaissance
The remote assessment methodology focuses on direct observation of an organization and their infrastructure, consisting of passive reconnaissance of publicly available data sources ("Open Source...
Organizational Policy Review
This methodology explores existing organizational practices, informal agreements, and policies around managing information security and responding to threats. It also seeks to reveal presumptions made...
Network Mapping
This component allows the auditor to identify security issues with the host's network and map the devices on a host's network, the services that are...
Organizational Device Usage
This component allows the auditor to discover and assess the security of the devices on the network and/or used in the organization. This component consists...
User Device Assessment
This component allows the auditor to assess the security of the individual devices on the network. This component consists of interviews, surveys, and inspection of...
Vulnerability Scanning and Analysis
This component has the auditor discover possible flaws the organization's devices, services, application designs, and networks by testing and comparing them against a variety of...
Data Assessment
This component allows the auditor to identify what sensitive data exists for the organization, where it is stored, and how it is transferred. ...
Physical and Operational Security
The organizational security methodology is focused on how to mitigate against threats that occur because of the arrangement of digital assets in the physical world...
Process Mapping and Risk Modeling
This component allows an auditor to lead the host organization's staff in a series of activities to identify and prioritize the processes that are critical...
Responding to Advanced Threats
This component allows the auditor to be able to identify, triage, and analyze suspicious behavior on a device or in a network. Depending on the...
Threat Assessment
This objective uses a variety of activities to identify possible attackers and gather background information about the capability of those attackers to threaten the...
Responsive Support
The auditor provides assistance for any immediate action needed (spot training, tool fixes, consulting on upcoming projects) -- this may also involve addressing vulnerabilities that...
Debrief
This component consists of an out-brief to key points of contact, providing basic pressure relief through group and individual interactions, and planning future follow-up with...
Follow Up
This component allows an auditor to explain and get feedback on their report as well as evaluate the success of the process over time through...
Report Creation and Recommendation Development
In this component the auditor identifies the organization's strengths and weakness (expertise, finance, willingness to learn, staff time, etc.) to adopting new digital and physical...