_toc.yml

format: jb-book

root: introduction

parts:
- caption: Prevention
  chapters:
  - file: prevention/prevention
  - file: prevention/architecturesteps  
  - file: prevention/simple-checklists
    sections:      
      - file: prevention/nocx-security-checklist
      - file: prevention/foss-securitycriteria
      - file: prevention/reproduciblebuilds
      - file: prevention/owasp-top10-checklist
      - file: prevention/openSSF-scorecard
      - file: prevention/linux-securitychecklist
      - file: prevention/mvsp
      - file: prevention/api-security-checklist
      - file: prevention/csp-checklist
      - file: prevention/ncp-checklists
      - file: prevention/evalFOSS
      - file: prevention/conciseguidefordeveloping
      - file: prevention/ransomware
  - file: prevention/simplesolutions
  - file: prevention/hardening
  - file: prevention/securitystandards
    sections:
      - file: prevention/cors


- caption: Protection
  chapters:
  - file: protection/security-policies
    sections:
      - file: protection/security-guidelines 
      - file: protection/iso27001      
      - file: protection/mattermost-security-policy      
      - url: https://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=2810&s=1A
        title: Example of NASA
      - url: https://www.vupune.ac.in/images/IT-Policies/VU_HR-IS_Policy_Ver_10.pdf
        title: Example of an university 
      - url: https://www2.gov.bc.ca/assets/gov/british-columbians-our-governments/services-policies-for-government/information-management-technology/information-security/isp_v4.pdf
        title: Example of a government
      - url: https://www.etsi.org/deliver/etsi_tr/103300_103399/10330501/04.01.02_60/tr_10330501v040102p.pdf
        title: ETSI Critical Security Controls for Effective Cyber Defence
  - file: protection/security-classifications
    sections:
      - url: https://security.berkeley.edu/data-classification-standard
        title: Data Classification Standard (Berkeley)
      - file: protection/dataclassification-example1
  - file: protection/vulnerabilities-search  
  - file: protection/security-management
  - url: https://nocomplexity.com/documents/securitysolutions
    title: Security Solutions

- caption: Architecture
  chapters:
  - file: architecture/frameworks
  - file: architecture/reference-architecture
  - file: architecture/securitymodels
  - file: architecture/attack-vectors
    sections:
      - file: architecture/common-attackvectors
      - file: architecture/supplychainattacks      
      - url: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
        title: CWE Top 25 Most Dangerous Software Weaknesses
      - url: https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html
        title: CWE Most Important Hardware Weaknesses 
  - file: architecture/threadmodels
    sections:
      - file: architecture/stride
      - url: https://www.first.org/cvss/specification-document
        title: CVSS
      - url: http://securitycards.cs.washington.edu/index.html
        title: Security Cards 
      - url: https://resources.sei.cmu.edu/library/Asset-view.cfm?assetid=51546
        title: OCTAVE Approach
  - file: architecture/securityprinciples
    sections:
      - file: architecture/mozilla_securityprinciples
      - file: architecture/mozilla-dataprivacy-principles
      - file: architecture/NCSC-designprinciples
      - file: architecture/NCSC-zerotrustprinciples
      - file: architecture/NCSC-securecommunication
      - file: architecture/saltzer_designprinciples
      - file: architecture/ms-zt-principles


- caption: Learning
  chapters:
  - file: learning/securitycourses
  - file: learning/books
  - url: https://nocomplexity.com/documents/securitybydesign/
    title: Security By Design
  - file: learning/secure-coding
  - file: learning/softwaretesting
  - file: learning/trustedcomputing
  - file: learning/security-references
    sections:
      - file: learning/cryptography
      - file: learning/securityframeworks
      - file: learning/researchlabs
      - file: learning/foundations
      - file: learning/governmental
      - file: learning/vulnerabilitymanagement
      - file: learning/vulnerabilitydatabases
  - url: https://nocomplexity.com/cybersecurity-conferences/
    title: Security Conferences

- caption: About
  chapters:
  - file: open  
  - file: contributing
  - file: aboutthisguide
  - file: bio
  - file: license