Nothing2Hide audit framework
Although Nothing2Hide uses a classic audit framework, what sets our approach apart is that the recommendations phase integrates a tool adapted to civil society organisations: usesoap.app.
Phase 1 - Preparation
- Definition of the scope of the audit
- Construction and validation of the audit reference framework (identification of documentary resources, identification of players and people to be approached as part of the audit, etc.).
- Drawing up the work programme and validating the organisation of the assignment.
Phase 2 - Investigation
- Interviews, testing and analysis:
  - audit of premises
  - audit of the internal network
  - audit of online services
  - audit of equipment and devices in place
  - interviews with teams to understand work processes
- Detection of vulnerabilities
- Assessment of risks and their severity
Phase 3 - Security recommendations
- Drawing up recommendations and validating them with the partner
- Drawing up a security policy using the usesoap tool and validating it with the partner
Phase 4 - Implementation and monitoring of security projects
- Feedback: presentation of the security policy
- Organisation of team training:
  - identifying threats and how to deal with them
  - use of security tools and procedures
- Setting up long-term monitoring