Recommendations are now generated by AI, changed format for key findings, risk names are now bold

2025-08-11 21:51:21 +02:00
parent 2d2dc7ed14
commit e68a0f615a
5 changed files with 89 additions and 26 deletions

@@ -17,29 +17,12 @@
content:
- title: "Key Findings"
description: |
{{ document.key_findings }}
{{ document.key_findings|safe }}
- segment_type: "recommendations"
content:
- title: "Recommendations"
description: |
To address the identified risks effectively, we propose a strategic roadmap of targeted safeguards. These safeguards are prioritized based on their potential effectiveness in reducing risk likelihood and impact. Key recommendations are categorized by the risks they primarily mitigate:
- subtitle: "Phishing Risk Mitigation:"
description: |
- Deploy advanced email filtering systems to significantly reduce the volume of spam and malicious emails reaching end-users.
- Enforce multi-factor authentication (MFA) organization-wide to secure access to systems and data, adding a critical layer of defense against compromised credentials.
- Conduct regular phishing simulations and comprehensive security awareness training programs to enhance employee vigilance and their ability to identify and report suspicious activity.
- subtitle: "Ransomware Prevention and Recovery:"
description: |
- Implement a comprehensive patch management program to promptly address known software vulnerabilities across all relevant systems and applications.
- Utilize endpoint detection and response (EDR) tools to provide real-time monitoring, detection, and containment capabilities against malicious activities, including ransomware.
- Ensure frequent and verified data backups are performed, stored securely offline or in an immutable state, to enable effective recovery in the event of a ransomware attack or other data loss incidents.
- subtitle: "Vendor Risk Management:"
description: |
- Establish and enforce robust vendor security standards aligned with recognized frameworks such as ISO 27001, requiring third parties to meet defined security requirements.
- Conduct regular third-party risk assessments to evaluate the security posture of vendors, monitor their compliance with established standards, and identify and address potential vulnerabilities introduced through the supply chain.
- Integrate continuous monitoring solutions for vendor activities, particularly those accessing critical systems or sensitive data, to detect and respond to suspicious behavior promptly.
{{ document.recomendations|safe }}
- segment_type: "value_proposition"
content:
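
Review bot: The `|safe` filter on `{{ document.key_findings|safe }}` and `{{ document.recomendations|safe }}` turns off escaping for text that, per the commit message, is now generated by AI, so any HTML or script the model emits, or that reaches it through its input, is rendered verbatim in the output document. Suggest passing both fields through an allowlist sanitizer that permits only the tags needed for bold text and lists before marking them safe, or keeping them escaped and applying the formatting in the template. Also, `recomendations` is misspelled; if the attribute on `document` is spelled differently, this section may render empty without any error, so confirm the name matches the field and consider correcting the spelling in both places.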