Asset_Register.md

June 20, 2026 ยท View on GitHub

Hack23 Logo

๐Ÿ’ป Hack23 AB โ€” Asset Register

๐Ÿ›ก๏ธ Comprehensive Asset Management Through Systematic Documentation
๐ŸŽฏ Enterprise-grade Asset Inventory Demonstrating Cybersecurity Excellence

Owner Version Effective Date Review Cycle

๐Ÿ“‹ Document Owner: CEO | ๐Ÿ“„ Version: 2.4 | ๐Ÿ“… Last Updated: 2026-06-02 (UTC)
๐Ÿ”„ Review Cycle: Annual | โฐ Next Review: 2027-06-02


๐ŸŽฏ Purpose Statement

Hack23 AB's asset register demonstrates how comprehensive asset management directly enables both security excellence and business transparency. Our systematic asset documentation serves as both operational necessity and client demonstration of our cybersecurity consulting methodologies.

Scope: Company identities, SaaS/platform accounts, cloud accounts, domains, and intellectual property. Supplier posture and SLAs are authoritative in SUPPLIER.md. Open source transparency governance in Open Source Policy.

Overview โ€ข Identities โ€ข SaaS โ€ข AWS โ€ข Domains โ€ข IP โ€ข Risk โ€ข Changelog

๐Ÿงญ Icon Legend

  • ๐Ÿ‘ค Identity โ€ข ๐Ÿ” MFA โ€ข ๐Ÿ› ๏ธ Platforms โ€ข ๐Ÿ“ Notes
  • ๐Ÿงฉ Service โ€ข ๐Ÿข Account/Org โ€ข ๐Ÿ“ฆ Plan โ€ข โœ… Status
  • โ˜๏ธ Cloud โ€ข ๐Ÿ™ GitHub โ€ข ๐Ÿฆ Banking โ€ข ๐Ÿงพ Accounting โ€ข ๐Ÿ’ณ Payments
  • ๐Ÿ”Ž Search/SEO โ€ข โ–ถ๏ธ YouTube โ€ข ๐Ÿฆ„ Product Hunt โ€ข ๐ŸŽต TikTok โ€ข โœ–๏ธ X
  • ๐ŸŒ Domain โ€ข ยฉ๏ธ Intellectual Property โ€ข ๐Ÿ’ผ LinkedIn

๐Ÿ—บ๏ธ Asset Landscape (Overview)

%%{
  init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#1565C0', 'lineColor': '#1565C0' } }
}%%
mindmap
  root((Hack23 Assets))
    Identities
      Google MFA
      GitHub: pethers MFA
      AWS Identity Center MFA
    SaaS & Platforms
      Accounting: Bokio
      Banking: SEB
      Dev: GitHub Org
      Payments: Stripe
      Marketing: YouTube ยท ProductHunt ยท X ยท TikTok
      Search: GSC ยท Bing Webmaster
    AWS Org (Control Tower)
      Audit: 810580475124
      Log Archive: 241765033212
      hack23master: 172017021075
      Permission Sets: Admin ยท PowerUser ยท ReadOnly ยท ServiceCatalog
    Domains
      hack23.com
      blacktrigram.com
      ciacompliancemanager.com
      riksdagsmonitor.com
      euparliamentmonitor.com
    IP & Repos
      Black Trigram
      CIA Compliance Manager
      Citizen Intelligence Agency
      European Parliament MCP Server
      EU Parliament Monitor
      Game Template
      Hack23 Homepage
      Lambda in Private VPC
      Riksdagsmonitor
      Sonar CloudFormation Plugin

1) Identities and Accounts

1.1 Human identities

#๏ธโƒฃ ID๐Ÿ‘ค Personโœ‰๏ธ Email๐Ÿ› ๏ธ Platforms๐Ÿ” MFA๐Ÿ“ Notes๐Ÿท๏ธ Types
U-001James Pether Sรถrlingpether.sorling@gmail.com๐Ÿ”Ž Google โ€ข ๐Ÿ™ GitHub (pethers) โ€ข โ˜๏ธ AWS SSOEnabledGoogle account is the hub for SaaS sign-ins listed belowExecutive

1.2 Linked services (via Google account)

#๏ธโƒฃ ID๐Ÿงฉ Service๐Ÿ‘ค Account/Handleโœ… Status๐Ÿ” MFA/2FA๐Ÿ“ Notes๐Ÿท๏ธ Types
G-001๐Ÿงพ BokioGoogle loginActive โœ…N/A (IdP)Connected via GoogleCompliance Finance
G-002๐Ÿ’ณ StripeGoogle loginActive โœ…N/A (IdP)Connected via GoogleAPI Sales
G-003๐Ÿ”Ž Google Search Consolepether.sorling@gmail.comActive โœ…Google MFASite verificationAnalytics Marketing
G-004๐Ÿ”Ž Bing Webmaster Toolspether.sorling@gmail.comActive โœ…Google MFASite verificationAnalytics Marketing
G-005โ–ถ๏ธ YouTube@ via GoogleActive โœ…Google MFAConnectedFrontend Marketing
G-006๐Ÿฆ„ Product HuntGoogle loginActive โœ…N/A (IdP)ConnectedFrontend Marketing
G-007๐ŸŽต TikTokGoogle loginActive โœ…N/A (IdP)ConnectedFrontend Marketing
G-008โœ–๏ธ X (Twitter)Google loginActive โœ…N/A (IdP)ConnectedFrontend Marketing
G-009๐Ÿ’ผ LinkedIn (CEO)https://www.linkedin.com/in/jamessorling/Active โœ…Platform MFAProfessional profileFrontend Executive
G-010๐Ÿ’ผ LinkedIn (Company)https://www.linkedin.com/company/hack23/Active โœ…Platform MFACompany pageFrontend Marketing

1.3 GitHub account and integrations

#๏ธโƒฃ ID๐Ÿ™ Account๐Ÿ” MFA๐Ÿ”Œ Connected Apps๐Ÿ“ Notes๐Ÿท๏ธ Types
GH-001pethersEnabledโ€”Used across Hack23 org projectsDevTools Operations
GH-INT-001Integration: SonarSource (SonarCloud)N/Aโ€”SAST (static analysis)Security Operations
GH-INT-002Integration: FOSSAN/Aโ€”Open source compliance (license/security)Security Legal

2) SaaS and Platforms (summary)

See SUPPLIER.md for detailed posture (costs, SLAs, risks).

#๏ธโƒฃ IDโ˜๏ธ Service๐Ÿข Account/Org๐Ÿ“ฆ Plan/Status๐Ÿ‘ค Owner๐Ÿ” MFA๐Ÿ“ Notes๐Ÿท๏ธ Classification
S-001โ˜๏ธ AWSHack23 (Control Tower)Active โœ…CEOEnforced via AWS Identity CenterMission criticalCore Process Operations Availability Mission Critical
S-002๐Ÿ™ GitHubhack23 (org)Active โœ…CEORequiredVersion control, CI/CDDevTools Process Operations Availability High
S-003๐Ÿฆ SEBCorporate BankingActive โœ…CEOBank MFAPayments/payrollAPI Process Finance Availability High
S-004๐Ÿงพ BokioCompany workspaceActive โœ…CEOIdP (Google)AccountingCompliance Process Finance Availability Moderate
S-005๐ŸŽถ SunoSubscriptionActive โœ…CEOPlatform MFAMarketing contentFrontend Process Marketing Availability Standard
S-006๐ŸŽ™๏ธ ElevenLabsSubscriptionActive โœ…CEOPlatform MFAAudio/voiceFrontend Process Marketing Availability Standard
S-007๐Ÿค– OpenAIAPIActive โœ…CEOAPI / Account MFAAI servicesAPI Process Operations Availability Moderate
S-008๐Ÿ’ณ StripePlatformActive โœ…CEOPlatform MFAPaymentsAPI Process Sales Availability Mission Critical
S-009๐Ÿ”Ž Google Search Consolepether.sorling@gmail.comActive (Free) โœ…CEOGoogle MFASEO verification & metricsAnalytics Process Marketing Availability Standard
S-010๐Ÿ”Ž Bing Webmaster Toolspether.sorling@gmail.comActive (Free) โœ…CEOGoogle MFASEO coverage for BingAnalytics Process Marketing Availability Standard
S-011โ–ถ๏ธ YouTubeChannel via GoogleActive (Free) โœ…CEOGoogle MFAMarketing channelFrontend Process Marketing Availability Standard
S-012๐Ÿฆ„ Product Hunthack23Active (Free) โœ…CEOIdP (Google)Launch listingsFrontend Process Marketing Availability Standard
S-013๐ŸŽต TikTokhack23Active (Free) โœ…CEOIdP (Google)Social marketingFrontend Process Marketing Availability Standard
S-014โœ–๏ธ X (Twitter)hack23Active (Free) โœ…CEOIdP (Google)Social updatesFrontend Process Marketing Availability Standard
S-015๐Ÿ’ผ LinkedIn (CEO)jamessorlingActive (Free) โœ…CEOPlatform MFAExecutive profileFrontend Process Executive Availability Standard
S-016๐Ÿ’ผ LinkedIn (Company)Hack23 ABActive (Free) โœ…CEOPlatform MFACompany pageFrontend Process Marketing Availability Standard
S-017๐Ÿ›ก๏ธ SonarSource (SonarCloud)GitHub org integrationActive (Free/public) โœ…CEOGitHub OAuthSAST for public repos onlySecurity Process Operations Availability High
S-018โš–๏ธ FOSSAGitHub org integrationActive (Free/public) โœ…CEOGitHub OAuthOSS license/security for public reposCompliance Process Legal Availability Standard

3) AWS Organization (Control Tower)

Supplier: AWS (accounts via AWS Organizations). Control Tower is used for governance/security and SSO; IAM Identity Center with MFA enforced.
Note: AWS WorkMail uses MFA through Identity Center.

3.1 Accounts

#๏ธโƒฃ ID๐Ÿท๏ธ Account Name๐Ÿ†” Account IDโœ‰๏ธ Root Email๐ŸŽฏ Purpose๐Ÿท๏ธ Types
AWS-001Audit810580475124audit@hack23.comSecurity/audit (CT Log/Audit pattern)Core Operations
AWS-002Log archive241765033212log-archive@hack23.comCentral immutable logsCore Operations
AWS-003hack23master172017021075pether.sorling@gmail.comPrimary workload/managementCore Operations

3.2 Permission sets / access

#๏ธโƒฃ ID๐Ÿ›ก๏ธ Permission Set๐Ÿ“ Scope๐Ÿ”‘ Keys
PS-001AWSAdministratorAccessAudit, hack23masterAccess keys in use (as provided)
PS-002AWSPowerUserAccessAudit, hack23masterAccess keys in use (as provided)
PS-003AWSReadOnlyAccessAudit, hack23masterAccess keys in use (as provided)
PS-004AWSServiceCatalogAdminFullAccesshack23masterAccess keys in use (as provided)
PS-005AWSServiceCatalogEndUserAccesshack23masterAccess keys in use (as provided)

3.3 Visual: AWS Organization Diagram

flowchart LR
  A["Control Tower Org"]
  AU["Audit\n810580475124\naudit@hack23.com"]
  LA["Log Archive\n241765033212\nlog-archive@hack23.com"]
  HM["hack23master\n172017021075\npether.sorling@gmail.com"]

  A --> AU
  A --> LA
  A --> HM

  subgraph "Permission Sets"
    PS1["AWSAdministratorAccess"]
    PS2["AWSPowerUserAccess"]
    PS3["AWSReadOnlyAccess"]
    PS4["AWSServiceCatalogAdminFullAccess"]
    PS5["AWSServiceCatalogEndUserAccess"]
  end

  AU --- PS1
  AU --- PS2
  AU --- PS3
  HM --- PS1
  HM --- PS2
  HM --- PS3
  HM --- PS4
  HM --- PS5

  classDef ct fill:#FFC107,stroke:#FFA000,stroke-width:2px,color:#000000;
  classDef acct fill:#1565C0,stroke:#1565C0,color:#0d47a1;

  class A ct;
  class AU,LA,HM acct;

3.4 DNS (Route 53) and Domain Security

  • DNS provider: Amazon Route 53 (hosted zones in AWS)
  • DNSSEC: Enabled for all domains (DS records published at registrar)
DomainHosted ZoneDNSSECEvidence LinksNotes
hack23.comRoute 53EnabledDNSViz โ€ข Internet.nl โ€ข MXToolboxRegistrar lock on; alerts configured
blacktrigram.comRoute 53EnabledDNSViz โ€ข Internet.nl โ€ข MXToolboxRegistrar lock on; alerts configured
ciacompliancemanager.comRoute 53EnabledDNSViz โ€ข Internet.nl โ€ข SSL LabsProduct domain; alerts configured
riksdagsmonitor.comRoute 53EnabledDNSViz โ€ข Internet.nl โ€ข SSL LabsPolitical transparency domain; alerts configured
euparliamentmonitor.comRoute 53EnabledDNSViz โ€ข Internet.nl โ€ข SSL LabsEU political intelligence domain; alerts configured

๐Ÿ” Domain Security Evidence Summary

Security CheckToolhack23.comblacktrigram.comciacompliancemanager.comriksdagsmonitor.comeuparliamentmonitor.com
DNSSECDNSVizโœ… Signedโœ… Signedโœ… Signedโœ… Signedโœ… Signed
SPFMXToolboxโœ… Validโœ… Validโœ… Validโœ… Validโœ… Valid
DKIMMXToolboxโœ… Validโœ… ValidN/AN/AN/A
DMARCMXToolboxโœ… Validโœ… Validโœ… Validโœ… Validโœ… Valid
CAADNS Lookupโœ… Setโœ… Setโœ… Setโœ… Setโœ… Set
HTTPSSSL Labsโœ… A+โœ… A+โœ… A+โœ… A+โœ… A+

3.5 AWS Services in Use (27 Active Services)

Security & Compliance Services (8 Services)

ServicePurposeData ClassificationStatus
WAFWeb application firewall for hack23.com/blacktrigram.comAvailability Mission Criticalโœ… Active
Security HubCentralized security findings and complianceIntegrity Criticalโœ… Active
DetectiveSecurity investigation and threat huntingConfidentiality Highโœ… Active
InspectorVulnerability assessment for EC2/Lambda/containersIntegrity Criticalโœ… Active
GuardDutyThreat detection across accountsConfidentiality Highโœ… Active
ConfigCompliance rules and resource trackingIntegrity Highโœ… Active
MacieSensitive data discovery in S3Confidentiality Extremeโœ… Active
CloudTrailAPI audit logging across all accountsIntegrity Criticalโœ… Active

Core Infrastructure Services (11 Services)

ServicePurposeData ClassificationStatus
RDSPostgreSQL for CIA applicationAvailability Highโœ… Active
Route 53DNS management with DNSSECAvailability Mission Criticalโœ… Active
WorkMailCorporate email (james@hack23.com)Confidentiality Highโœ… Active
KMSEncryption key managementConfidentiality Extremeโœ… Active
S3Static website hosting, backups, logsAvailability Highโœ… Active
VPCNetwork isolation for Lambda/RDSIntegrity Highโœ… Active
GlacierLong-term backup storageAvailability Standardโœ… Active
CloudFrontCDN for hack23.com, blacktrigram.com, riksdagsmonitor.com, euparliamentmonitor.com, and ciacompliancemanager.com (5 distributions, 19.6M requests/mo combined)Availability Highโœ… Active
LambdaServerless functions for APIsIntegrity Criticalโœ… Active
Control TowerMulti-account governanceIntegrity Criticalโœ… Active
Identity CenterSSO and permission managementConfidentiality Extremeโœ… Active

Monitoring & Analytics Services (4 Services)

ServicePurposeData ClassificationStatus
Cost ExplorerCost analysis and optimizationConfidentiality Moderateโœ… Active
CloudWatch EventsEvent-driven automationAvailability Highโœ… Active
CloudWatchMetrics, logs, and alarmsIntegrity Highโœ… Active
Data TransferCross-region and internet transferN/Aโœ… Active

Resilience & DR Services (4 Services)

ServicePurposeData ClassificationStatus
Resilience HubApplication resilience assessment and policy gatingAvailability Mission Criticalโœ… Active
Fault Injection ServiceChaos experiments to validate failover/recoveryIntegrity Highโœ… Active
AWS BackupCentralized backup plans, cross-region copies, immutable vaultsConfidentiality Highโœ… Active
Backup Audit ManagerBackup compliance controls and reportingIntegrity Highโœ… Active

Planned Services (Q2-Q3 2025)

ServicePurposeData ClassificationTimeline
API GatewayREST/GraphQL APIs for Black TrigramAvailability HighQ2 2025
DynamoDBNoSQL for game state and user dataAvailability HighQ2 2025
CognitoUser authentication for productsConfidentiality HighQ3 2025
ECS/FargateContainer hosting for microservicesAvailability HighQ3 2025

3.6 Security Architecture

graph TB
    subgraph Detection["๐Ÿ” Detection Layer"]
        GD[GuardDuty<br/>Threat Detection]
        DT[Detective<br/>Investigation]
        MC[Macie<br/>Data Discovery]
    end
    
    subgraph Protection["๐Ÿ›ก๏ธ Protection Layer"]
        WAF[WAF<br/>Web Protection]
        IN[Inspector<br/>Vulnerability Scan]
        KMS[KMS<br/>Encryption]
    end
    
    subgraph Compliance["๐Ÿ“‹ Compliance Layer"]
        SH[Security Hub<br/>Posture Management]
        CFG[Config<br/>Compliance Rules]
        CT[CloudTrail<br/>Audit Logs]
    end
    
    subgraph Infrastructure["๐Ÿ—๏ธ Infrastructure"]
        CT_ORG[Control Tower<br/>Governance]
        IDC[Identity Center<br/>SSO]
        VPC[VPC<br/>Network Isolation]
    end
    
    GD --> SH
    DT --> SH
    MC --> SH
    IN --> SH
    CFG --> SH
    CT --> S3[S3<br/>Log Storage]
    CT --> GL[Glacier<br/>Archive]
    
    style Detection fill:#4CAF50
    style Protection fill:#1565C0
    style Compliance fill:#FF9800
    style Infrastructure fill:#D32F2F

4) Domains

#๏ธโƒฃ ID๐ŸŒ Domain๐Ÿข Ownerโœ… Status๐Ÿ“ Notes๐Ÿท๏ธ Types๐Ÿ” Evidence
D-001hack23.comHack23 ABActive โœ…DNS: Route 53 โ€ข DNSSEC: ONFrontend Operations MarketingDNSSEC โ€ข Email โ€ข SSL
D-002blacktrigram.comHack23 ABActive โœ…DNS: Route 53 โ€ข DNSSEC: ONFrontend Marketing SalesDNSSEC โ€ข Email โ€ข SSL
D-003ciacompliancemanager.comHack23 ABActive โœ…DNS: Route 53 โ€ข DNSSEC: ONCompliance Operations MarketingDNSSEC โ€ข SSL
D-004riksdagsmonitor.comHack23 ABActive โœ…DNS: Route 53 โ€ข DNSSEC: ONAnalytics Operations MarketingDNSSEC โ€ข SSL
D-005euparliamentmonitor.comHack23 ABActive โœ…DNS: Route 53 โ€ข DNSSEC: ONAnalytics Operations MarketingDNSSEC โ€ข SSL

5) Intellectual Property

Statement: All copyrights remain with the CEO and sole owner of Hack23.com.

ProjectRepositoryWebsite๐Ÿ—๏ธ Project Type๐Ÿข Process Types
๐ŸŽฎ Black Trigramhttps://github.com/Hack23/blacktrigramhttps://blacktrigram.comFrontendMarketing Sales
๐Ÿ›ก๏ธ CIA Compliance Managerhttps://github.com/Hack23/cia-compliance-managerhttps://ciacompliancemanager.com/ComplianceLegal Operations
๐Ÿ›๏ธ Citizen Intelligence Agencyhttps://github.com/Hack23/ciahttps://hack23.com/cia-features.htmlAnalyticsOperations
๐Ÿ‡ช๐Ÿ‡บ European Parliament MCP Serverhttps://github.com/Hack23/European-Parliament-MCP-Serverhttps://hack23.github.io/European-Parliament-MCP-Server/AnalyticsOperations
๐Ÿ‡ช๐Ÿ‡บ EU Parliament Monitorhttps://github.com/Hack23/euparliamentmonitorhttps://euparliamentmonitor.comAnalyticsMarketing Operations
๐ŸŽฎ Game Templatehttps://github.com/Hack23/game-TemplateOperations
๐ŸŒ Hack23 Homepagehttps://github.com/Hack23/homepagehttps://hack23.comFrontendMarketing
โ˜๏ธ Lambda in Private VPChttps://github.com/Hack23/lambda-in-private-vpc-CoreOperations
๐Ÿ—ณ๏ธ Riksdagsmonitorhttps://github.com/Hack23/riksdagsmonitorhttps://riksdagsmonitor.comAnalyticsMarketing Operations
๐Ÿ” Sonar CloudFormation Plugin โš ๏ธhttps://github.com/Hack23/sonar-cloudformation-plugin-Security ArchivedOperations

๐Ÿ” Repository Security Evidence

Live security posture badges for all Hack23 intellectual property assets:

ProjectOpenSSF ScorecardLicenseCI StatusAdditional Evidence
Black TrigramOpenSSF ScorecardLicenseScorecardsCII Best Practices
CIA Compliance ManagerOpenSSF ScorecardLicenseScorecardsCII Best Practices
Citizen Intelligence AgencyOpenSSF ScorecardLicenseScorecardsCII Best Practices
European Parliament MCP ServerOpenSSF ScorecardLicenseCI/CDCII Best Practices SLSA 3
EU Parliament MonitorOpenSSF ScorecardLicenseNews GenerationCII Best Practices SLSA 3
Game TemplateOpenSSF ScorecardLicenseScorecardsTemplate repo
Hack23 HomepageOpenSSF ScorecardLicenseCI/CDCorporate website
Lambda in Private VPCOpenSSF ScorecardLicenseCI/CDAWS Reference Architecture
RiksdagsmonitorOpenSSF ScorecardLicenseQuality ChecksCII Best Practices SLSA 3
Sonar CloudFormation Plugin โš ๏ธOpenSSF ScorecardLicenseArchivedCII Best Practices

5.1) Intellectual Property Rights (IPR) Handling

๐Ÿ“‹ IPR Framework

All intellectual property created by or for Hack23 AB is managed systematically to ensure legal protection, proper licensing, and secure disposal when necessary.

IPR CategoryHandling RequirementsProtection MeasuresDisposal Method
Source CodeApache-2.0 license, copyright noticesGitHub private/public repos, code review, commit signingSecure repository deletion with backup retention
DocumentationCreative Commons BY-SA 4.0 for public docsVersion control, review processStandard file deletion after retention period
TrademarksBrand guidelines, usage restrictionsRegistered where applicable, monitoringTransfer or abandonment per legal counsel
Trade SecretsNeed-to-know access, NDA requirementsEncryption, access controls, audit loggingSecure deletion per Data Classification Policy
PatentsPrior art documentation, invention disclosuresLegal filing if commercially valuableAbandonment after evaluation

๐Ÿ”’ IPR Protection Controls

  • Copyright Notices: All source files include SPDX headers with copyright attribution
  • License Compliance: FOSSA scanning ensures dependency license compatibility (see Open Source Policy)
  • Access Control: IPR classified per Classification Framework with appropriate access restrictions
  • Secure Disposal: High/Very High confidentiality IPR requires secure deletion with verification

๐Ÿ“œ Third-Party IPR Management

Third-Party IPRUsage RightsCompliance VerificationReview Frequency
Open Source DependenciesPer dependency licenseFOSSA automated scanningEvery commit
Cloud Service IPAWS Customer Agreement termsTerms review during renewalsAnnual
SaaS Platform ToolsPer service agreementTerms acceptance documentedSemi-Annual
Stock MediaRoyalty-free or licensedLicense verification in Asset RegisterAnnual

5.2) Asset Return and Termination Procedures

๐ŸŽฏ Purpose

This section implements ISO 27001 A.5.11 (Return of assets) and A.6.5 (Responsibilities after termination), ensuring systematic asset recovery and access revocation.

๐Ÿ“‹ Termination Checklist

Immediate Actions (Within 24 Hours)

Asset CategoryReturn/Revocation ActionsVerificationResponsibility
Physical DevicesMobile devices, laptops returned to CEOPhysical receipt + device wipe logDeparting individual + CEO
Cloud AccessAWS Identity Center access revokedIAM logs reviewedCEO
Repository AccessGitHub organization membership removedAudit log confirmationCEO
Email AccessWorkMail account disabledEmail forwarding configured if neededCEO
SaaS AccessGoogle Workspace suspensionAdmin console logCEO

Within 7 Days

Asset CategoryReturn/Revocation ActionsVerificationResponsibility
CredentialsAll passwords reset, MFA devices deregisteredAuthentication logs reviewedCEO
VPN/NetworkVPN certificates revoked, firewall rules updatedConnection logs verified emptyCEO
DocumentationCompany confidential documents returned/deletedConfirmation statement signedDeparting individual
IP/Trade SecretsReminder of confidentiality obligationsAcknowledgment signedDeparting individual

Within 30 Days

ActionCompletion CriteriaDocumentation
Final backup verificationConfirm departing individual data archived per retention policyBackup log entry
Security reviewReview access logs for anomalous activitySecurity review memo
NDA reminderSend reminder of ongoing confidentiality obligationsCertified email
Exit interviewDocument knowledge transfer and lessons learnedExit interview notes

๐Ÿ” Asset Classification and Return Priority

Based on Classification Framework:

Asset ClassificationReturn PriorityAccess Revocation SLAVerification Method
Extreme๐Ÿ”ด Critical - Immediate4 hoursManual verification + automated scanning
Very High๐ŸŸ  High - Same day24 hoursAutomated log review
High๐ŸŸก Medium - Within 3 days72 hoursAutomated log review
Moderate๐ŸŸข Standard - Within 7 days7 daysQuarterly access review

๐Ÿ“ Termination Documentation

The following documentation is maintained for each termination:

  • Asset Return Receipt: Physical confirmation of device returns
  • Access Revocation Log: Timestamped log of all access removals
  • Data Archival Certificate: Confirmation of data retention compliance
  • Confidentiality Reminder: Acknowledgment of ongoing obligations
  • Final Security Review: Post-termination security assessment

๐Ÿ”„ Integration with Other Policies


6) Asset Risk and Controls (high level)

6.1 Controls Overview (Mindmap)

%%{
  init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#4CAF50', 'lineColor': '#4CAF50' } }
}%%
mindmap
  root((Controls))
    Identities
      MFA on Google, GitHub, AWS
      Quarterly app reviews
      Passkeys where supported
      Single IdP strategy Google
    AWS Security 27 Services
      8 security services active
      GuardDuty threat detection
      Security Hub centralized
      Macie data discovery
      WAF application protection
      Inspector vulnerability scans
      Detective investigation
      Config compliance rules
      CloudTrail full audit
    Infrastructure Controls
      Control Tower governance
      Identity Center SSO
      KMS encryption everything
      VPC network isolation
      Route 53 DNSSEC
      S3 versioning enabled
      Glacier immutable backups
      WorkMail secure email
    SaaS Management
      Google IdP central
      18 integrated services
      Quarterly access audits
      Export procedures ready
      Alternative suppliers mapped
    Domains & DNS
      Route 53 hosted zones
      DNSSEC all 5 domains
      Registrar locks active
      Auto-renewal configured
      Expiry alerts CloudWatch
    IP Protection
      10 active repositories
      Open source licensing
      Copyright CEO owned
      FOSSA compliance scan
      SonarCloud quality gate
      MCP directory listings

6.2 SWOT โ€” Comprehensive Asset Management

%%{
  init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#FF9800', 'lineColor': '#FF9800' } }
}%%
mindmap
  root((SWOT Analysis))
    Strengths
      27 AWS services deployed
      8 dedicated security tools
      Control Tower multi-account
      100% MFA coverage
      DNSSEC all domains
      CloudTrail complete audit
      KMS encryption at rest
      Automated threat detection
      10 IP assets documented
    Weaknesses
      Single person dependency
      Access keys still active
      No break glass procedure
      Limited DR testing
      Manual security reviews
      18 SaaS dependencies
      Google IdP single point
    Opportunities
      Automate with AWS APIs
      Implement SCPs
      SSO token rotation
      Lambda automation
      GitHub Actions CI/CD
      API Gateway monetization
      DynamoDB scaling
      Cognito user management
    Threats
      Supply chain attacks
      Zero day vulnerabilities
      AWS service outages
      Sophisticated phishing
      NIS2 compliance changes
      Third party breaches
      Domain hijacking
      IP theft attempts

6.3 Asset Coverage Matrix

%%{
  init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#1565C0', 'lineColor': '#1565C0' } }
}%%
mindmap
  root((Asset Coverage))
    AWS 27 Services
      Security 8
        WAF, GuardDuty, Detective
        Inspector, Macie, Security Hub
        Config, CloudTrail
      Infrastructure 11
        RDS, Route 53, WorkMail
        KMS, S3, VPC, Glacier
        CloudFront, Lambda
        Control Tower, Identity Center
      Monitoring 4
        CloudWatch, Events
        Cost Explorer, Data Transfer
      Planned 4
        API Gateway, DynamoDB
        Cognito, ECS Fargate
    SaaS 18 Services
      Critical 4
        GitHub, SEB, Stripe, Bokio
      Marketing 10
        YouTube, TikTok, X
        Product Hunt, LinkedIn
        Google Search Console
        Bing Webmaster
      Content 2
        Suno, ElevenLabs
      Security 2
        SonarCloud, FOSSA
    Domains 5
      hack23.com
      blacktrigram.com
      ciacompliancemanager.com
      riksdagsmonitor.com
      euparliamentmonitor.com
    IP Assets 10
      Black Trigram game
      CIA Compliance Manager
      Citizen Intelligence Agency
      European Parliament MCP Server
      EU Parliament Monitor
      Game Template
      Hack23 Homepage
      Lambda in Private VPC
      Riksdagsmonitor
      Sonar CloudFormation Plugin

6.4 Risk-Based Control Priorities

%%{
  init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#D32F2F', 'lineColor': '#D32F2F' } }
}%%
mindmap
  root((Risk Priorities))
    Critical Risks
      Single point of failure CEO
      AWS root account security
      Access key exposure
      Domain hijacking
      IP theft exposure
    High Risks  
      GitHub supply chain
      Google IdP dependency
      Data breach potential
      Compliance gaps NIS2
      WorkMail compromise
    Medium Risks
      Cost overruns AWS
      Service degradation
      Third party failures
      Documentation gaps
      Backup restore failures
    Low Risks
      Content generation delays
      Social media issues
      Free tier limits
      Marketing tool failures
      Analytics disruption

6.5 Comprehensive Security Posture

graph LR
    subgraph "๐Ÿ” Identity & Access"
        ID1[Google MFA]
        ID2[GitHub MFA]
        ID3[AWS SSO MFA]
        ID4[18 SaaS via Google]
    end
    
    subgraph "๐Ÿ›ก๏ธ AWS Security Stack"
        SEC1[8 Security Services]
        SEC2[CloudTrail Audit]
        SEC3[Control Tower]
        SEC4[KMS Encryption]
    end
    
    subgraph "๐ŸŒ Web & Domains"
        WEB1[hack23.com]
        WEB2[blacktrigram.com]
        WEB3[Route 53 DNSSEC]
        WEB4[CloudFront CDN]
        WEB5[ciacompliancemanager.com]
        WEB6[riksdagsmonitor.com]
        WEB7[euparliamentmonitor.com]
    end
    
    subgraph "๐Ÿ’ผ Business Systems"
        BUS1[SEB Banking]
        BUS2[Bokio Accounting]
        BUS3[Stripe Payments]
        BUS4[WorkMail Email]
    end
    
    subgraph "๐Ÿš€ Development"
        DEV1[GitHub Repos]
        DEV2[10 IP Assets]
        DEV3[Lambda Functions]
        DEV4[CI/CD Pipeline]
    end
    
    ID1 --> ID4
    SEC1 --> SEC2
    SEC3 --> SEC4
    WEB3 --> WEB1
    WEB3 --> WEB2
    WEB3 --> WEB5
    WEB3 --> WEB6
    WEB3 --> WEB7
    
    style ID1 fill:#4CAF50
    style SEC1 fill:#1565C0
    style WEB1 fill:#FFC107
    style BUS1 fill:#FF9800
    style DEV1 fill:#7B1FA2

7) Change Log

Date (UTC)Change
2026-06-02v2.4: Updated CloudFront to reflect 5 distributions (19.6M requests/mo combined); Added euparliamentmonitor.com to DNS security evidence table; Updated IP asset count to 10 active repos; Added MCP directory listings to controls mindmap; Updated traffic metrics
2026-03-05v2.3: Added euparliamentmonitor.com domain (D-005); Updated EU Parliament Monitor website URL; Updated all mindmaps and security posture diagrams to reflect 5 domains and 10 IP assets
2026-02-26v2.2: Added European Parliament MCP Server, EU Parliament Monitor (euparliamentmonitor), and Riksdagsmonitor to IP assets; Updated mindmaps and security evidence tables; Total 10 IP assets registered
2026-01-25v2.0: Added domains D-003 (ciacompliancemanager.com) and D-004 (riksdagsmonitor.com); Added Game Template to IP; Added comprehensive domain security evidence links (DNSSEC, SPF/DKIM/DMARC, SSL); Marked Sonar CloudFormation Plugin as archived; Updated for ISMS-PUBLIC publication
2025-11-05Added ยง 5.1 IPR Handling and ยง 5.2 Asset Return/Termination procedures (ISO 27001 A.5.11, A.5.32, A.6.5)
2025-08-14Stripe status confirmed active (removed 'planned'); Insurance (Trygg Hansa) planned start 2025-09-01
2025-08-12Initial complete register created from provided inputs

8) Compliance & Audit Trail

DateFindingActionStatus
2025-08-1427 AWS services documentedComplete service inventoryโœ… Completed
2025-08-148 security services activeEnterprise-grade security postureโœ… Active
2025-08-1418 SaaS services integratedDocumented dependenciesโœ… Completed
2026-02-2610 IP assets registeredAdded European Parliament MCP Server, EU Parliament Monitor, Riksdagsmonitorโœ… Active
2026-01-257 IP assets registeredAdded Game Template; Copyright protection confirmed (see Open Source Policy)โœ… Active
2025-08-142 domains with DNSSECEnhanced DNS securityโœ… Completed
2026-01-254 domains with DNSSECAdded ciacompliancemanager.com and riksdagsmonitor.comโœ… Completed
2026-03-055 domains with DNSSECAdded euparliamentmonitor.com (D-005)โœ… Completed
2025-08-14Access keys in usePlan migration to SSO tokensโณ In Progress
2025-08-14No SCPs configuredImplement organizational policies๐Ÿ”ด Not Started
2025-08-14No break-glass procedureDocument emergency access๐Ÿ”ด Not Started

๐ŸŽฏ Strategic & Governance

๐Ÿ” Core Security Policies

๐Ÿ›ก๏ธ Risk & Vulnerability Management

๐Ÿ”— Third-Party & Supply Chain

๐Ÿ”„ Continuity & Recovery

๐Ÿ—๏ธ Architecture & Operations


๐Ÿ“‹ Document Control:
โœ… Approved by: James Pether Sรถrling, CEO
๐Ÿ“ค Distribution: CEO, Insurance Company, Legal Counsel
๐Ÿท๏ธ Classification: Confidentiality: High
๐Ÿ“… Effective Date: 2026-06-02
โฐ Next Review: 2027-09-02
๐ŸŽฏ Framework Compliance: ISO 27001 NIST CSF 2.0 CIS Controls AWS Well-Architected