Context of the organisation

Organisational context: "Determine the organization's ISMS objectives and any issues that might affect its effectiveness. The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system."

Interested parties: "Identify interested parties including applicable laws, regulations, contracts etc. The organization shall determine: interested parties that are relevant to the information security management system." "Determine their information security-relevant requirements and obligations. The organization shall determine: the requirements of these interested parties relevant to information security."

ISMS scope: "Determine and document the ISMS scope. The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider: a) th
EASA Part-IS and ISO27001
Overview of EASA Part-IS
Definition and Purpose
Framework for Aviation Safety
EASA Part-IS establishes a comprehensive safety framework for aviation.
Compliance Requirements
Organizations must adhere to strict compliance requirements for safety.
Key Principles
Safety Management
Focuses on systematic processes to enhance aviation safety.
### **Detailed Explanation of the Security Issues & Fixes**
This section provides in-depth technical details about each issue, including the risks involved, how attackers could exploit them, and step-by-step implementation of the fixes.
---
## **1. Content Security Policy (CSP) - High Risk (Score: -20, Failed)**
**Issue:**
The current CSP configuration is insecure due to:
- Allowing **`unsafe-inline`** in `script-src`, which permits execution of inline JavaScript (possible XSS attack).
Critical Issues & Remediation Steps
1. Content Security Policy (CSP) - (Score: -20, Failed)
Issue:
The CSP policy includes unsafe directives (unsafe-inline, data: in script-src).
Overly broad source definitions (https: in object-src or script-src).
No restrictions on object-src or script-src.
Impact:
Makes the application vulnerable to Cross-Site Scripting (XSS) attacks.
| Document Type | Policy - Mandatory |
|---|---|
| Document ID | |
| Audience | All employees |
| Confidentiality | For internal use |
| Language | English |
| Applies to | |
| Version | |
| Owner | |
| Author | |