pep-un / oxomium
Simple cybersecurity conformity tool for SECOPS and CISCO
Home Page: https://www.oxomium.org
License: GNU General Public License v3.0
The Organization - Policy - Mesure indirection happens to be painful.
We probably need to get rid of the Policy class and represent a Policy as a bunch of Mesure.
Relation between risk and Action
Mesure -> Measure
The controller must be able to prove the control and add an attachment.
Implement an audit log of all changes on objects with simple-history:
https://django-simple-history.readthedocs.io/en/latest/quick_start.html
Update ISO27701:2013 to correctly represent the security control.
Create the security control list for ISO27001:2022.
Need a set of Policies to import during the setup to have a more usable tool.
Upgrade forms to implement logic and restrictions.
For example, if a Conformity is not applicable, all other fields should be disabled.
When we assign a Policy to an Organization, we need to automatically create all Conformity items.
Conversely, we need to delete them when the Policy is unassociated.
Add an attachment in the form to allow adding proof or additional data related to the topic.
Some measures may not be applicable. We need to add a check box to allow it.
The comment will be used to explain why.
Class names are not coherent with the wording used in the ISO27000 framework.
To have clearer code and interface, it's important to clarify the wording and to update the class names and display accordingly.
Status must be changed automatically at the start of a period from "Scheduled" to "To Be Evaluated".
Additionally, at the end of the period, they must be changed to Missed if they have not been evaluated.
Allow tracking audits and audit findings.
This is a prerequisite to actions and action plans.
CCIP should allow having an overview of all Actions with the following information:
Extend the User Model to implement Organization attachment and Organization-based restrictions.
Implement sorted and filtered table.
Create a planned report to receive daily / weekly / monthly status.
Create an email notification for actions near their expiration date.
This page must provide an overview of all items assigned to the user (compliance, audit, CAPA, ...).
It may be useful in an international context to display whether the policy is written in English or in another language.
Review the OWASP Top 10, and describe in Security.md how we handle each risk.
The conformity is currently evaluated on a scale from 0 to 100.
Other systems may be more pertinent:
What is the best choice?
Add a link to create Actions from Conformity and Finding.
Add visibility on the number of actions listed for a Conformity or a Finding.
Add a direct link to the list of actions related to a Conformity or a Finding.
Add a link to open a Finding or Conformity from an Action. (Detail view or in the form?)
Add a new menu to see the plan of controls by year/month/week and be able to plan unplanned controls or reschedule existing ones.
I didn't manage to find a way to add this "filter".