diff --git a/src/README.md b/src/README.md deleted file mode 100644 index 0e5f2333..00000000 --- a/src/README.md +++ /dev/null @@ -1,50 +0,0 @@ -## Adding Metadata to Pages - -### Tags - -You can add tags to your pages by including them in the frontmatter at the top of your markdown file: - -```markdown ---- -tags: - - Tag1 - - Tag2 ---- - -# Page Title -``` - -Tags will be displayed at the top of the page and collected in a tags index page. - -### Contributors - -You can add contributors to your pages to credit the people who worked on each section. There are two ways to specify contributors: - -#### Simple Format (just names) - -```markdown ---- -contributors: - - Matt - - Steven - - Your Name ---- - -# Page Title -``` - -#### Detailed Format (with avatars and GitHub profiles) - -```markdown ---- -contributors: - - name: Matt - avatar: https://github.com/matta.png - github: https://github.com/matta - - name: Steven - avatar: https://github.com/steven.png - github: https://github.com/steven - - John Doe # You can mix simple and detailed formats ---- - -Contributors will be displayed at the top of the page and collected in a contributors index page. \ No newline at end of file diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 0c67405a..102c923c 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md 
@@ -17,21 +17,28 @@ - [Cultivating a Security-Aware Mindset](./awareness/cultivating-a-security-aware-mindset.md) - [Staying Informed & Continuous Learning](./awareness/staying-informed-and-continuous-learning.md) - [Resources & Further Reading](./awareness/resources-and-further-reading.md) -- [Operational Security](./operational-security/README.md) - - [Detecting and Mitigating Insider Threats](./operational-security/detecting-and-mitigating-insider-threats.md) - - [G Suite Security](./operational-security/g-suite-security.md) - - [Password and Secrets Management](./operational-security/password-secrets-management.md) - - [Physical Security](./operational-security/physical-security.md) - - [SIM Swapping](./operational-security/sim-swapping.md) - - [Standard Operating Environment](./operational-security/standard-operating-environment.md) - - [Telegram](./operational-security/telegram.md) - - [Wireless Security](./operational-security/wireless-security.md) -- [Key Management](./key-management/README.md) - - [Cold vs Hot Wallet](./key-management/cold-vs-hot-wallet.md) - - [Custodial vs Non-Custodial](./key-management/custodial-vs-non-custodial.md) - - [Hardware Wallets](./key-management/hardware-wallets.md) - - [Signing Schemes](./key-management/signing-schemes.md) - - [Software Wallets](./key-management/software-wallets.md) +- [Operational Security](./opsec/README.md) + - [Core principles](./opsec/principles/README.md) + - [Principles in detail](./opsec/principles/principles.md) + - [The five steps](./opsec/principles/five-steps.md) + - [Web3 considerations](./opsec/principles/web3-considerations.md) + - [Threat Modeling overview](./opsec/threat-modeling-overview.md) + - [Risk Management](./opsec/risk-management.md) + - [Governance & Program Management]() + + - [Control Domains]() + - [Lifecycle]() + - [Monitoring & Detection]() + - [Incident Response & Recovery]() + - [Continuous Improvement & Metrics]() + - [Integration & Mapping to Other Frameworks]() + - 
[Appendices]() +- [Wallet Security](./wallet-security/README.md) + - [Cold vs Hot Wallet](./wallet-security/cold-vs-hot-wallet.md) + - [Custodial vs Non-Custodial](./wallet-security/custodial-vs-non-custodial.md) + - [Hardware Wallets](./wallet-security/hardware-wallets.md) + - [Signing Schemes](./wallet-security/signing-schemes.md) + - [Software Wallets](./wallet-security/software-wallets.md) - [External Security Reviews](./external-security-reviews/README.md) - [Expectation](./external-security-reviews/expectation.md) - [Preparation](./external-security-reviews/preparation.md) diff --git a/src/community-management/README.md b/src/community-management/README.md index 98bfd768..9b656e84 100644 --- a/src/community-management/README.md +++ b/src/community-management/README.md @@ -20,7 +20,7 @@ Here, we present essential best practices to safeguard your community. In the fo ### Strong Passwords and Two-Factor Authentication (2FA) -- Use unique, complex passwords for each service and store them securely in a reputable password manager. Refer to the [**Operational Security Framework**](../operational-security/README.md) and [**Key Management Framework**](../key-management/README.md) for more information on this. +- Use unique, complex passwords for each service and store them securely in a reputable password manager. Refer to the [**Operational Security Framework**](../operational-security/README.md) and [**Wallet Security Framework**](../wallet-security/README.md) for more information on this. - Secure the email account linked to your community platforms with a unique password and 2FA. - Always enable 2FA. Prefer hardware-based tokens (e.g., Yubikey) or mobile authenticator apps over SMS-based methods, which are vulnerable to SIM-swapping. - If you use an authenticator app like Authy, 1Password, or Aegis to generate time-based one-time passwords (TOTP). Ensure that the secret keys are stored encrypted and protected with robust security measures. 
diff --git a/src/config/SUMMARY.md.develop b/src/config/SUMMARY.md.develop index 0c67405a..102c923c 100644 --- a/src/config/SUMMARY.md.develop +++ b/src/config/SUMMARY.md.develop 
@@ -17,21 +17,28 @@ - [Cultivating a Security-Aware Mindset](./awareness/cultivating-a-security-aware-mindset.md) - [Staying Informed & Continuous Learning](./awareness/staying-informed-and-continuous-learning.md) - [Resources & Further Reading](./awareness/resources-and-further-reading.md) -- [Operational Security](./operational-security/README.md) - - [Detecting and Mitigating Insider Threats](./operational-security/detecting-and-mitigating-insider-threats.md) - - [G Suite Security](./operational-security/g-suite-security.md) - - [Password and Secrets Management](./operational-security/password-secrets-management.md) - - [Physical Security](./operational-security/physical-security.md) - - [SIM Swapping](./operational-security/sim-swapping.md) - - [Standard Operating Environment](./operational-security/standard-operating-environment.md) - - [Telegram](./operational-security/telegram.md) - - [Wireless Security](./operational-security/wireless-security.md) -- [Key Management](./key-management/README.md) - - [Cold vs Hot Wallet](./key-management/cold-vs-hot-wallet.md) - - [Custodial vs Non-Custodial](./key-management/custodial-vs-non-custodial.md) - - [Hardware Wallets](./key-management/hardware-wallets.md) - - [Signing Schemes](./key-management/signing-schemes.md) - - [Software Wallets](./key-management/software-wallets.md) +- [Operational Security](./opsec/README.md) + - [Core principles](./opsec/principles/README.md) + - [Principles in detail](./opsec/principles/principles.md) + - [The five steps](./opsec/principles/five-steps.md) + - [Web3 considerations](./opsec/principles/web3-considerations.md) + - [Threat Modeling overview](./opsec/threat-modeling-overview.md) + - [Risk Management](./opsec/risk-management.md) + - [Governance & Program Management]() + + - [Control Domains]() + - [Lifecycle]() + - [Monitoring & Detection]() + - [Incident Response & Recovery]() + - [Continuous Improvement & Metrics]() + - [Integration & Mapping to Other Frameworks]() + - 
[Appendices]() +- [Wallet Security](./wallet-security/README.md) + - [Cold vs Hot Wallet](./wallet-security/cold-vs-hot-wallet.md) + - [Custodial vs Non-Custodial](./wallet-security/custodial-vs-non-custodial.md) + - [Hardware Wallets](./wallet-security/hardware-wallets.md) + - [Signing Schemes](./wallet-security/signing-schemes.md) + - [Software Wallets](./wallet-security/software-wallets.md) - [External Security Reviews](./external-security-reviews/README.md) - [Expectation](./external-security-reviews/expectation.md) - [Preparation](./external-security-reviews/preparation.md) diff --git a/src/config/SUMMARY.md.main b/src/config/SUMMARY.md.main index 32d40dbe..0dda5562 100644 --- a/src/config/SUMMARY.md.main +++ b/src/config/SUMMARY.md.main 
@@ -17,31 +17,130 @@ - [Cultivating a Security-Aware Mindset](./awareness/cultivating-a-security-aware-mindset.md) - [Staying Informed & Continuous Learning](./awareness/staying-informed-and-continuous-learning.md) - [Resources & Further Reading](./awareness/resources-and-further-reading.md) -- [Operational Security]() -- [Key Management]() -- [External Security Reviews]() -- [Vulnerability Disclosure]() -- [Infrastructure]() -- [Monitoring]() -- [Front-End/Web Application]() -- [Incident Management]() -- [Threat Modeling]() -- [Governance]() -- [DevSecOps]() -- [Privacy]() -- [Supply Chain]() -- [Security Automation]() -- [Identity and Access Management IAM]() -- [Secure Software Development]() -- [Security Testing]() +- [Operational Security](./opsec/README.md) + - [Fundamentals](./opsec/fundamentals.md) + - [Governance & Program Management](./opsec/governance.md) + - [Risk Management](./opsec/risk-management.md) + - [Control Domains](./opsec/control-domains.md) + - [Organizational Controls](./opsec/control-domains/organizational.md) + - [People & Personnel](./opsec/control-domains/people.md) + - [Physical & Environmental](./opsec/control-domains/physical-environmental.md) + - [Technical & Digital](./opsec/control-domains/technical.md) + - [Lifecycle](./opsec/lifecycle.md) + - [Identify Information & Assets](./opsec/lifecycle/identify.md) + - [Threat Modeling & Analysis](./opsec/lifecycle/threat-modeling.md) + - [Vulnerability Assessment](./opsec/lifecycle/vulnerability-assessment.md) + - [Risk Assessment & Prioritization](./opsec/lifecycle/risk-prioritization.md) + - [Countermeasure Selection & Implementation](./opsec/lifecycle/countermeasures.md) + - [Monitoring & Detection](./opsec/monitoring-detection.md) + - [Incident Response & Recovery](./opsec/incident-response.md) + - [Continuous Improvement & Metrics](./opsec/continuous-improvement.md) + - [Integration & Mapping to Other Frameworks](./opsec/integration.md) + - [Appendices](./opsec/appendices.md) + - 
[Policy & Template Library](./opsec/appendices/policies.md) + - [Case Studies & Exercises](./opsec/appendices/case-studies.md) + - [Glossary of Terms](./opsec/appendices/glossary.md) +- [Wallet Security](./wallet-security/README.md) + - [Cold vs Hot Wallet](./wallet-security/cold-vs-hot-wallet.md) + - [Custodial vs Non-Custodial](./wallet-security/custodial-vs-non-custodial.md) + - [Hardware Wallets](./wallet-security/hardware-wallets.md) + - [Signing Schemes](./wallet-security/signing-schemes.md) + - [Software Wallets](./wallet-security/software-wallets.md) +- [External Security Reviews](./external-security-reviews/README.md) + - [Expectation](./external-security-reviews/expectation.md) + - [Preparation](./external-security-reviews/preparation.md) + - [Security Policies and Procedures](./external-security-reviews/security-policies-procedures.md) + - [Vendor Selection](./external-security-reviews/vendor-selection.md) +- [Vulnerability Disclosure](./vulnerability-disclosure/README.md) + - [Security Contact](./vulnerability-disclosure/security-contact.md) + - [Bug Bounties](./vulnerability-disclosure/bug-bounties.md) +- [Infrastructure](./infrastructure/README.md) + - [Asset Inventory](./infrastructure/asset-inventory.md) + - [Cloud Infrastructure](./infrastructure/cloud.md) + - [DDoS Protection](./infrastructure/ddos-protection.md) + - [DNS and Domain Registration](./infrastructure/dns-and-domain-registration.md) + - [Identity and Access Management](./infrastructure/identity-and-access-management.md) + - [Network Security](./infrastructure/network-security.md) + - [Operating System Security](./infrastructure/operating-system-security.md) + - [Zero-Trust Principles](./infrastructure/zero-trust-principles.md) +- [Monitoring](./monitoring/README.md) + - [Guidelines](./monitoring/guidelines.md) + - [Thresholds](./monitoring/thresholds.md) +- [Front-End/Web Application](./front-end-web-app/README.md) + - [Web Application 
Security](./front-end-web-app/web-application-security.md) + - [Mobile Application Security](./front-end-web-app/mobile-application-security.md) + - [Common Vulnerabilities](./front-end-web-app/common-vulnerabilities.md) + - [Security Tools and Resources](./front-end-web-app/security-tools-resources.md) +- [Incident Management](./incident-management/README.md) + - [Communication Strategies](./incident-management/communication-strategies.md) + - [Incident Detection and Response](./incident-management/incident-detection-and-response.md) + - [Lessons Learned](./incident-management/lessons-learned.md) + - [Playbooks](./incident-management/playbooks.md) + - [SEAL 911 War Room Guidelines](./incident-management/seal-911-war-room-guidelines.md) +- [Threat Modeling](./threat-modeling/README.md) + - [Create and Maintain Threat Models](./threat-modeling/create-maintain-threat-models.md) + - [Identity Mitigate Threats](./threat-modeling/identity-mitigate-threats.md) +- [Governance](./governance/README.md) + - [Compliance with Regulatory Requirements](./governance/compliance-regulatory-requirements.md) + - [Risk Management](./governance/risk-management.md) + - [Security Metrics and KPIs](./governance/security-metrics-kpis.md) +- [DevSecOps](./devsecops/README.md) + - [Code Signing](./devsecops/code-signing.md) + - [Continuous Integration and Deployment](./devsecops/continuous-integration-continuous-deployment.md) + - [Integrated Development Environments](./devsecops/integrated-development-environments.md) + - [Repository Hardening](./devsecops/repository-hardening.md) + - [Security Testing](./devsecops/security-testing.md) +- [Privacy](./privacy/README.md) + - [Secure Browsing](./privacy/secure-browsing.md) + - [Data Removal Services](./privacy/data-removal-services.md) + - [Digital Footprint](./privacy/digital-footprint.md) + - [Encrypted Communication Tools](./privacy/encrypted-communication-tools.md) + - [Financial Privacy Services](./privacy/financial-privacy-services.md) + 
- [Privacy-Focused Operating Systems and Tools](./privacy/privacy-focused-operating-systems-tools.md) + - [VPN Services](./privacy/vpn-services.md) +- [Supply Chain](./supply-chain/README.md) + - [Dependency Awareness](./supply-chain/dependency-awareness.md) + - [Supply Chain Levels for Software Artifacts](./supply-chain/supply-chain-levels-software-artifacts.md) +- [Security Automation](./security-automation/README.md) + - [Threat Detection and Response](./security-automation/threat-detection-response.md) + - [Compliance Checks](./security-automation/compliance-checks.md) + - [Infrastructure as Code](./security-automation/infrastructure-as-code.md) +- [Identity and Access Management IAM](./iam/README.md) + - [Role-Based Access Control](./iam/role-based-access-control.md) + - [Secure Authentication](./iam/secure-authentication.md) + - [Access Management Best Practices](./iam/access-management.md) +- [Secure Software Development](./secure-software-development/README.md) + - [Secure Coding Standards Guidelines](./secure-software-development/secure-coding-standards-guidelines.md) + - [Code Reviews and Peer Audits](./secure-software-development/code-reviews-peer-audits.md) + - [Secure Code Repositories and Version Control](./secure-software-development/secure-code-repositories-version-control.md) + - [Threat Modeling and Secure Design Principles](./secure-software-development/threat-modeling-secure-design-principles.md) +- [Security Testing](./security-testing/README.md) + - [Dynamic Application Security Testing](./security-testing/dynamic-application-security-testing.md) + - [Fuzz Testing](./security-testing/fuzz-testing.md) + - [Security Regression Testing](./security-testing/security-regression-testing.md) + - [Static Application Security Testing](./security-testing/static-application-security-testing.md) - [ENS](./ens/README.md) - [Data Integrity & Verification](./ens/data-integrity-verification.md) - [Cross-Chain Compatibility](./ens/cross-chain-compatibility.md) 
- [Smart Contract Integration](./ens/smart-contract-integration.md) - [Interface Compliance](./ens/interface-compliance.md) - [Name Handling & Normalization](./ens/name-handling-normalization.md) -- [Safe Harbor]() -- [Encryption]() +- [Safe Harbor](./safe-harbor/README.md) + - [Key Terms](./safe-harbor/key-terms.md) + - [Protocol](./safe-harbor/protocol.md) + - [Technical Outline](./safe-harbor/technical-outline.md) + - [Whitehat](./safe-harbor/whitehat.md) +- [Encryption](./encryption/README.md) + - [Cloud Data Encryption](./encryption/cloud-data-encryption.md) + - [Communication Encryption](./encryption/communication-encryption.md) + - [Database Encryption](./encryption/database-encryption.md) + - [Email Encryption](./encryption/email-encryption.md) + - [Encryption in Transit](./encryption/encryption-in-transit.md) + - [File Encryption](./encryption/file-encryption.md) + - [Full Disk Encryption](./encryption/full-disk-encryption.md) + - [Hardware Encryption](./encryption/hardware-encryption.md) + - [Partition Encryption](./encryption/partition-encryption.md) + - [Volume Encryption](./encryption/volume-encryption.md) # About this diff --git a/src/config/template.md b/src/config/template.md new file mode 100644 index 00000000..a579365c --- /dev/null +++ b/src/config/template.md 
@@ -0,0 +1,70 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Community & Marketing + - HR + - Engineer/Developer +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# {{ Title of this Page }} + + +Key Takeaway prompt: Without removing or modifying anything in the document, just after the heading, describe in a succint way (no more than 40 words), all the key points or tl;dr so that anyone can get a good grasp of the contents just by reading it. Don't add unnecessary sentences that sound like conclusions, like "By ensuring this..." "Doing all these...", "Having these security practinces...". Use the following format > πŸ”‘ **Key Takeaway**: + +[Context / Problem statement. In this first part, we introduce the topic, in no more than a few paragraphs. For example for Threat Modeling inside Operational Security Framework: "Effective security requires understanding **what you're protecting and who you're protecting it from**. Without a structured threat model, security efforts become unfocused and inefficient. Different entities face different threats based on their assets, visibility, and technological footprint." It can be this short, or it can have more context] + +## Practical guidance + +1. **Step-by-Step Actions** – numbered list users can follow. +2. **Best-Practice Checklist** – bullet list they can literally tick. +3. **Role-Based Tips** – highlight differences for Ops, HR, Dev, etc. +(This mirrors OWASP Cheat Sheet brevity.) + +## Why is it important + +Explain consequences of ignoring this guidance and link to real incidents or CISA/NIST advisories supporting each risk. + +## Implementation details + +| Sub-Topic | Related Page | +|-----------|--------------| +| Device Hardening | `../endpoint-security/...` | +| Network Segmentation | `../network-security/...` | + +Cross-linking reduces duplication, following docs-as-code best practice. 
+ +## 5 Common pitfalls & examples + +Real-world breach snippets or failure stories that illustrate mistakes to avoid. + +## 6 Quick-reference / Cheat sheet + +A compact table or numbered list for on-the-job use, inspired by OWASP cheat sheets. + +## 7 Further Reading & Tools + +Automatically generated from the `references:` field or add authoritative links here. + + \ No newline at end of file diff --git a/src/intro/overview-of-each-framework.md b/src/intro/overview-of-each-framework.md index c6f04991..9a2a1809 100644 --- a/src/intro/overview-of-each-framework.md +++ b/src/intro/overview-of-each-framework.md @@ -24,7 +24,7 @@ This section addresses security considerations specific to the user-facing compo This framework explores best practices for securing and managing online communities associated with Web3 projects, particularly on platforms like Discord and Twitter. -## Key Management +## Wallet Security This section delves into the crucial aspect of managing cryptographic keys in Web3 projects, discussing various wallet types and signing schemes. diff --git a/src/operational-security/README.md b/src/operational-security/README.md index 61016f45..ab87dc90 100644 --- a/src/operational-security/README.md +++ b/src/operational-security/README.md 
@@ -13,4 +13,19 @@ Operational security, often abbreviated as **OpSec** provides a range of practic Operational security is not just a concern for large corporations or government agencies; it is relevant to any project that handles sensitive information, including personal data or digital assets. The consequences of failing to implement robust OpSec measures can be severe, ranging from financial losses to reputational damage, and legal liabilities. -The level of Operational Security to apply will differ greatly depending on the risk appetite the team is willing to accept. \ No newline at end of file +The level of Operational Security to apply will differ greatly depending on the risk appetite the team is willing to accept. + +## Framework Contents + +1. [Core OpSec Principles](./core-opsec-principles.md) - Foundational security concepts and methodologies +2. [Human-Centered Security](./human-centered-security/README.md) - Security measures focused on the human element +3. [Digital Identity and Access Management](./digital-identity-access/README.md) - Managing digital identities and controlling access +4. [Device and Endpoint Security](./device-endpoint-security/README.md) - Securing individual devices and endpoints +5. [Network and Communication Security](./network-communication/README.md) - Securing networks and communications channels +6. [Data Protection](./data-protection/README.md) - Safeguarding sensitive data throughout its lifecycle +7. [Cloud and Third-Party Security](./cloud-third-party/README.md) - Securing cloud environments and third-party relationships +8. [Physical Security](./physical-security/README.md) - Protecting physical assets and environments +9. [Incident Response and Recovery](./incident-response-recovery.md) - Responding to and recovering from security incidents +10. [Compliance and Governance](./compliance-governance.md) - Meeting regulatory requirements and establishing governance +11. 
[Web3-Specific OpSec](./web3-specific-opsec/README.md) - Operational security considerations unique to Web3 +12. [Resources and Tools](./resources-tools.md) - Useful tools, templates, and further reading \ No newline at end of file diff --git a/src/operational-security/cloud-third-party/README.md b/src/operational-security/cloud-third-party/README.md new file mode 100644 index 00000000..057a207e --- /dev/null +++ b/src/operational-security/cloud-third-party/README.md 
@@ -0,0 +1,45 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Cloud and Third-Party Security + +In today's interconnected digital ecosystem, organizations rely heavily on cloud services and third-party vendors to operate efficiently. However, these dependencies introduce security risks that must be carefully managed. + +## Introduction + +Cloud and third-party security focuses on protecting data and operations that depend on external providers. It encompasses the assessment, monitoring, and management of security risks associated with cloud services, software-as-a-service (SaaS) applications, and third-party vendors that have access to your systems or data. + +## Key Components + +This section covers the following aspects of cloud and third-party security: + +1. [G-Suite Security](./g-suite-security.md) - Securing Google Workspace (formerly G-Suite) environments +2. [Cloud Security Fundamentals](./cloud-security-fundamentals.md) - Essential security considerations for cloud environments +3. [SaaS Security](./saas-security.md) - Securing software-as-a-service applications +4. [Vendor Security Assessment](./vendor-security-assessment.md) - Evaluating and monitoring the security of third-party vendors +5. [API Security](./api-security.md) - Securing application programming interfaces + +## Risk-Based Approach + +Cloud and third-party security should be implemented based on the sensitivity of the data being handled and the criticality of the services provided: + +1. Inventory all cloud services and third-party relationships +2. Classify providers based on the data they handle and criticality to operations +3. Implement appropriate security controls and monitoring based on risk levels +4. 
Regularly review and audit third-party security practices + +## Web3 Considerations + +In Web3 environments, cloud and third-party security includes additional considerations: + +- The security of blockchain infrastructure providers +- The risks associated with decentralized services and protocols +- The assessment of smart contract dependencies +- The security of Web3 development and deployment tools + +The guidance in this section addresses both traditional and Web3-specific cloud and third-party security considerations. \ No newline at end of file diff --git a/src/operational-security/g-suite-security.md b/src/operational-security/cloud-third-party/g-suite-security.md similarity index 100% rename from src/operational-security/g-suite-security.md rename to src/operational-security/cloud-third-party/g-suite-security.md diff --git a/src/operational-security/core-opsec-principles.md b/src/operational-security/core-opsec-principles.md new file mode 100644 index 00000000..8496f15c --- /dev/null +++ b/src/operational-security/core-opsec-principles.md 
@@ -0,0 +1,148 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Core OpSec Principles + +Operational security is built on fundamental principles that guide the implementation of security controls and practices. These principles provide a foundation for developing a comprehensive security posture that protects your organization's assets, operations, and reputation. + +> **Practical Example: Web3 Organization** +> +> Consider a Web3 project managing a DeFi protocol with a treasury of $10M in assets. Proper operational security would involve: +> +> - **Multiple security layers**: Hardware wallets for cold storage, multi-signature requirements for transactions, regular security audits, and continuous monitoring +> - **Access control**: Only specific team members have access to deployment keys, with different permission levels for development, testing, and production environments +> - **Compartmentalized information**: Private keys for multi-signature wallets are distributed among trusted team members with no single person having access to all keys, and sensitive incident response procedures are only shared with the security team +> - **Regular threat assessment**: The team conducts quarterly reviews of potential attack vectors, from smart contract vulnerabilities to [social engineering](../awareness/social-engineering.md) attempts targeting team members + +## Defense in Depth + +Defense in Depth is the practice of layering security controls throughout your systems and processes, so that if one control fails, others will provide protection. + +> **πŸ”— Related Framework:** This principle is applied across multiple frameworks including [Infrastructure](../infrastructure/) with [Zero-Trust Principles](../infrastructure/zero-trust-principles.md) and [Network Security](../infrastructure/network-security.md). + +### Implementation + +1. Deploy multiple security controls that address the same risk in different ways +2. 
Implement security at various layers: physical, technical, administrative, and human +3. Ensure no single point of failure exists in your security architecture +4. Review the effectiveness of security layers regularly to identify gaps +5. Foster a [security-aware mindset](../awareness/cultivating-a-security-aware-mindset.md) across all team members + +## Principle of Least Privilege + +The Principle of Least Privilege dictates that users, systems, and processes should have only the minimum access rights necessary to perform their functions. + +> **πŸ”— Related Framework:** For comprehensive implementation, see [Identity and Access Management](../iam/) and [Role-Based Access Control](../iam/role-based-access-control.md). + +### Implementation + +1. Grant the minimum level of access required for users to perform their duties +2. Review and adjust access rights when roles change +3. Implement role-based access control (RBAC) to standardize permissions +4. Use time-limited and just-in-time access for administrative privileges +5. Regularly audit access rights to identify and remove excessive permissions +6. Establish a thorough offboarding process to immediately revoke access when team members leave +7. Remove credentials for deactivated accounts, as these can become security liabilities even when dormant + +## Need-to-Know Basis + +Information should only be shared with individuals who require that information to perform their duties. + +> **πŸ”— Related Framework:** This principle is supported by practices in [Data Protection](../operational-security/data-protection/) and aspects of [Privacy](../privacy/). + +### Implementation + +1. Classify information based on sensitivity and restrict access accordingly +2. Compartmentalize sensitive information to limit exposure in case of a breach +3. Implement clear data handling and sharing policies +4. 
Train team members on proper handling and sharing of sensitive information through regular [security training](../awareness/security-training.md) +5. Use secure communication channels for sensitive information + +## Threat Modeling for OpSec + +Threat modeling involves systematically identifying potential threats, vulnerabilities, and attack vectors to prioritize security controls. + +> **πŸ”— Related Framework:** For detailed methodology and implementation, see the [Threat Modeling](../threat-modeling/) framework, including guides on how to [Create and Maintain Threat Models](../threat-modeling/create-maintain-threat-models.md) and [Identify and Mitigate Threats](../threat-modeling/identity-mitigate-threats.md). + +### Implementation + +1. Identify critical assets and operations that need protection +2. Enumerate potential threats and their impact on your organization +3. Assess vulnerabilities that could be exploited +4. Evaluate existing controls and their effectiveness +5. Develop a prioritized plan to address identified risks +6. Maintain awareness of common [threat vectors](../awareness/understanding-threat-vectors.md) relevant to your organization + +## Risk Assessment and Management + +Systematic evaluation and prioritization of security risks to guide resource allocation and security decision-making. + +> **πŸ”— Related Framework:** For comprehensive risk management strategies, refer to [Governance](../governance/) and [Risk Management](../governance/risk-management.md). + +### Implementation + +1. Identify and categorize assets based on their value and criticality +2. Assess threats and vulnerabilities relevant to those assets +3. Determine the likelihood and potential impact of security incidents +4. Implement controls based on risk levels +5. 
Regularly reassess risks as the environment and threats evolve + +## Continuous Monitoring and Improvement + +Security is not a one-time implementation but a continuous process of monitoring, evaluating, and improving. + +> **πŸ”— Related Framework:** For implementation details, see the [Monitoring](../monitoring/) framework, including [Guidelines](../monitoring/guidelines.md) and [Thresholds](../monitoring/thresholds.md). Also relevant is [Incident Management](../incident-management/) for response to detected issues. + +### Implementation + +1. Establish security metrics to measure the effectiveness of controls +2. Implement monitoring systems to detect security events and anomalies +3. Conduct regular security assessments and penetration tests +4. Learn from security incidents and near-misses +5. Update security controls based on new threats, vulnerabilities, and technologies +6. Ensure team members are [staying informed and continuously learning](../awareness/staying-informed-and-continuous-learning.md) about evolving security threats +7. Utilize available [security resources](../awareness/resources-and-further-reading.md) to keep your security practices current + +## Web3-Specific OpSec Principles + +In addition to traditional OpSec principles, Web3 environments require consideration of: + +> **πŸ”— Related Framework:** Explore the dedicated [Web3-Specific OpSec](../operational-security/web3-specific-opsec/) framework for comprehensive guidance. + +### Transparency vs. Privacy + +Balancing the transparent nature of blockchain with the need for operational privacy. + +### Implementation + +1. Understand what information is publicly visible on-chain +2. Develop strategies to maintain operational privacy while utilizing public blockchains +3. Use privacy-enhancing technologies where appropriate + +### Immutability and Finality + +Recognizing that blockchain transactions are generally irreversible, requiring heightened security before execution. 
+ +### Implementation + +1. Implement robust verification procedures before executing transactions +2. Use multi-signature requirements for high-value transactions +3. Deploy transaction simulation tools to verify outcomes before execution + +### Self-Custody Responsibility + +> **πŸ”— Related Framework:** For detailed guidance on wallet security practices, see the [Wallet Security](../wallet-security/) framework. + +### Implementation + +1. Develop clear procedures for wallet security +2. Implement separation of duties for transaction approval +3. Balance security with operational efficiency +4. [Stay up-to-date](../awareness/staying-up-to-date.md) with best practices in wallet security and custody solutions + +By adhering to these core principles, organizations can build a strong foundation for operational security that addresses both traditional and Web3-specific security challenges. diff --git a/src/operational-security/data-protection/README.md b/src/operational-security/data-protection/README.md new file mode 100644 index 00000000..83e82ae5 --- /dev/null +++ b/src/operational-security/data-protection/README.md 
@@ -0,0 +1,47 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE + - Compliance +--- + +# Data Protection + +Data is one of an organization's most valuable assets, and protecting it throughout its lifecycle is a critical component of operational security. + +## Introduction + +Data protection encompasses the strategies, policies, tools, and techniques used to secure data at rest, in transit, and in use. It involves not only technical controls but also procedural and administrative measures designed to safeguard sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction. + +## Key Components + +This section covers the following aspects of data protection: + +1. [Data Classification](./data-classification.md) - Categorizing data based on sensitivity and value +2. [Encryption](./encryption.md) - Protecting data through cryptographic methods +3. [Data Loss Prevention](./data-loss-prevention.md) - Controls to prevent unauthorized data exfiltration +4. [Secure Data Sharing](./secure-data-sharing.md) - Methods for securely sharing data with authorized parties +5. [Data Backup and Recovery](./data-backup-recovery.md) - Ensuring data availability and resilience +6. [Data Minimization and Retention](./data-minimization-retention.md) - Principles for data lifecycle management + +## Risk-Based Approach + +Data protection should be implemented based on the sensitivity and value of the data being protected: + +1. Identify and classify data based on sensitivity and regulatory requirements +2. Assess the potential impact of data breaches or loss +3. Implement appropriate security controls based on risk levels +4. 
Regularly audit data protection measures and adapt to evolving threats + +## Web3 Considerations + +In Web3 environments, data protection includes additional considerations: + +- The balance between on-chain transparency and privacy +- Protecting cryptographic secrets that control assets +- The implications of immutable data stored on blockchains +- Privacy-preserving techniques for blockchain interactions + +The guidance in this section addresses both traditional and Web3-specific data protection considerations, helping organizations implement appropriate safeguards regardless of their technological environment. \ No newline at end of file diff --git a/src/operational-security/device-endpoint-security/README.md b/src/operational-security/device-endpoint-security/README.md new file mode 100644 index 00000000..567b3c18 --- /dev/null +++ b/src/operational-security/device-endpoint-security/README.md 
@@ -0,0 +1,45 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Device and Endpoint Security + +Securing the devices used by your organization is a critical component of operational security. Endpoints such as laptops, desktops, mobile devices, and servers are common entry points for attackers and require robust protection. + +## Introduction + +Device and endpoint security encompasses the policies, tools, and practices that protect individual computing devices from threats. As the boundary between work and personal devices blurs, and as remote work becomes more common, securing endpoints has become increasingly challenging and important. + +## Key Components + +This section covers the following aspects of device and endpoint security: + +1. [Standard Operating Environment](./standard-operating-environment.md) - Establishing and maintaining secure baseline configurations +2. [Endpoint Protection](./endpoint-protection.md) - Tools and technologies to protect endpoints from malware and other threats +3. [Mobile Device Security](./mobile-device-security.md) - Securing smartphones, tablets, and other mobile devices +4. [Secure Configuration](./secure-configuration.md) - Hardening devices through secure configuration practices +5. [Patch Management](./patch-management.md) - Keeping systems updated to address known vulnerabilities + +## Risk-Based Approach + +Device and endpoint security should be implemented based on the sensitivity of the data being handled and the criticality of the device to operations: + +1. Inventory all devices that access organizational resources +2. Classify devices based on the data they handle and criticality to operations +3. Implement appropriate security controls based on risk levels +4. 
Regularly audit device compliance with security policies + +## Web3 Considerations + +In Web3 environments, device and endpoint security includes additional considerations: + +- Securing devices used for cryptocurrency transactions and wallet security +- Protecting hardware wallets and other specialized Web3 hardware +- Addressing the risks of browser-based Web3 interactions +- Securing devices that participate in blockchain networks (e.g., validator nodes) + +The guidance in this section addresses both traditional and Web3-specific device and endpoint security considerations. \ No newline at end of file diff --git a/src/operational-security/standard-operating-environment.md b/src/operational-security/device-endpoint-security/standard-operating-environment.md similarity index 100% rename from src/operational-security/standard-operating-environment.md rename to src/operational-security/device-endpoint-security/standard-operating-environment.md diff --git a/src/operational-security/digital-identity-access/README.md b/src/operational-security/digital-identity-access/README.md new file mode 100644 index 00000000..6c828191 --- /dev/null +++ b/src/operational-security/digital-identity-access/README.md @@ -0,0 +1 @@ +# Digital Identity and Access Management diff --git a/src/operational-security/password-secrets-management.md b/src/operational-security/digital-identity-access/password-secrets-management.md similarity index 100% rename from src/operational-security/password-secrets-management.md rename to src/operational-security/digital-identity-access/password-secrets-management.md diff --git a/src/operational-security/sim-swapping.md b/src/operational-security/digital-identity-access/sim-swapping.md similarity index 100% rename from src/operational-security/sim-swapping.md rename to src/operational-security/digital-identity-access/sim-swapping.md 
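Review bot: in src/operational-security/device-endpoint-security/README.md, only `./standard-operating-environment.md` among the five Key Components links is backed by a file (via the rename that follows); `./endpoint-protection.md`, `./mobile-device-security.md`, `./secure-configuration.md` and `./patch-management.md` are not added anywhere in this diff. Add stub pages in the same change or list those topics unlinked, so the new section index does not ship with dead links.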
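Review bot: the new src/operational-security/digital-identity-access/README.md is a bare `# Digital Identity and Access Management` heading with no frontmatter tags, no introduction and no Key Components list, unlike every other section index in this diff, and it does not link the two pages renamed into that directory (`password-secrets-management.md`, `sim-swapping.md`). Give it the same structure as its siblings so those two pages are reachable from the section index.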
diff --git a/src/operational-security/human-centered-security/README.md b/src/operational-security/human-centered-security/README.md new file mode 100644 index 00000000..d7451e86 --- /dev/null +++ b/src/operational-security/human-centered-security/README.md 
@@ -0,0 +1,38 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - HR +--- + +# Human-Centered Security + +Security is not just about technologyβ€”it's about people. The human element is often the most vulnerable part of any security system, making human-centered security approaches essential for a robust operational security posture. + +## Introduction + +Human-centered security focuses on understanding, supporting, and enhancing the security behaviors of individuals within an organization. It recognizes that security is a shared responsibility and that technical controls alone cannot provide comprehensive protection without considering the human factors involved. + +## Key Components + +This section covers the following aspects of human-centered security: + +1. [Insider Threat Detection and Mitigation](./detecting-and-mitigating-insider-threats.md) - Strategies for identifying and mitigating risks posed by insiders +2. [Social Engineering Defense](./social-engineering-defense.md) - Techniques to protect against manipulation and deception +3. [Travel Security](./travel-security.md) - Security considerations for team members when traveling +4. [Personal OpSec for Team Members](./personal-opsec.md) - Guidelines for individuals to maintain security in their personal activities + +## Intersection with Awareness + +While this section focuses on operational measures to address human-centered security, it works in close conjunction with the [Security Awareness Framework](../../awareness/). The awareness framework provides the educational foundation, while human-centered security implements the operational controls and procedures needed to protect against human-related security risks. + +## Risk-Based Approach + +Not all human-centered security risks are equal. Organizations should adopt a risk-based approach by: + +1. Identifying roles with access to critical assets or sensitive information +2. 
Assessing the potential impact of human errors or malicious actions +3. Implementing controls proportionate to the identified risks +4. Creating an environment where security is valued and prioritized + +Focusing on human factors in security, organizations can create a more resilient security posture that combines technical controls with human awareness and behavior. \ No newline at end of file diff --git a/src/operational-security/detecting-and-mitigating-insider-threats.md b/src/operational-security/human-centered-security/detecting-and-mitigating-insider-threats.md similarity index 50% rename from src/operational-security/detecting-and-mitigating-insider-threats.md rename to src/operational-security/human-centered-security/detecting-and-mitigating-insider-threats.md index b00c0a42..2f81f951 100644 --- a/src/operational-security/detecting-and-mitigating-insider-threats.md +++ b/src/operational-security/human-centered-security/detecting-and-mitigating-insider-threats.md @@ -6,7 +6,6 @@ tags: # Detecting and Mitigating Insider Threats - Insider threats, whether intentional or unintentional, pose a significant risk to any project. These threats can come from current or former employees, contractors, or business associates who have inside information concerning the project's security practices, data, and computer systems. Effective detection and mitigation strategies are crucial for safeguarding your project against these risks. ## What Are Insider Threats? 
@@ -17,6 +16,53 @@ Insider threats can be categorized into three main types: 2. **Negligent Insiders**: Team members who unintentionally cause security breaches through careless actions, such as falling for phishing attacks or mishandling sensitive data. 3. **Compromised Insiders**: Team members whose accounts or systems are compromised by external threat actors and used to gain access to the project's resources. +## Understanding Insider Threat Motivations + +Understanding what motivates insider threats is crucial for detection and prevention: + +### Financial Motivations + +* Financial gain is one of the most common motivations +* Employees may be offered substantial bribes to compromise systems +* In the blockchain space, the potential rewards can be particularly high + +### Coercion and Social Engineering + +* External actors may blackmail or threaten employees to gain cooperation +* Social engineering techniques can manipulate employees into providing access +* As reported by Krebs on Security, employees at domain registrars have been targeted by threat actors who persuaded them to modify DNS records or provide unauthorized access to high-value domains[^1] + +### Ideological or Political Reasons + +* Some insiders act based on political beliefs or ideological disagreements +* They may believe they're exposing perceived wrongdoing or supporting a cause + +### Personal Grievances + +* Disgruntled employees seeking revenge for perceived mistreatment +* Former employees with lingering access and unresolved issues + +### Lack of Awareness + +* Some insiders don't realize the value of what they're compromising +* They may not understand the security implications of their actions + + +### Some Examples + +- The 2020 Twitter breach exemplifies compromised insiders - employees with legitimate access were socially engineered to provide their credentials, allowing attackers to take control of high-profile accounts[^2]. 
While the employees didn't intend harm, they became unwitting insider threats after being manipulated. + +- Similarly, the 2022 Ronin Network hack ($625 million) began with social engineering of a Sky Mavis senior engineer. This employee became a compromised insider, giving attackers access to four validator nodes. Combined with a third-party validator, this allowed the massive cryptocurrency theft[^3]. This demonstrates how social engineering creates insider threats even when employees have no malicious intent. + +- The 2019 SIM-swapping attacks represent a more direct insider threat scenario. Mobile carrier employees were bribed or socially engineered to transfer victims' phone numbers to attacker-controlled SIMs. In Michael Terpin's case against AT&T, an employee allegedly accepted payment to compromise his account, leading to $24 million in cryptocurrency theft[^4]. This represents both compromised insiders and potentially malicious insiders who knowingly participated in exchange for payment. + +These examples highlight the intersection of social engineering and insider threats, where external attackers manipulate employees to gain unauthorized access. + +[^1]: Brian Krebs, "How Paypal and GoDaddy Got Hijacked: A Cautionary Tale," Krebs on Security, 2019. +[^2]: Twitter Support, "An update on our security incident," Twitter Blog, July 2020. +[^3]: Ronin Network, "Ronin Network Breach Postmortem," April 2022. +[^4]: "Cryptocurrency investor sues AT&T for $224 million over SIM-swap fraud," Reuters, August 2018. + ## Detecting Insider Threats ### Monitoring and Analytics 
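Review bot: in the motivations hunk, the new sections switch list markers: the five motivation lists use `*` while `### Some Examples` uses `-`; pick one marker for the file. `### Some Examples` also follows two blank lines and reads weak as a heading; `### Examples` is enough. One wording point: the body gives `$24 million in cryptocurrency theft` while footnote [^4] cites a suit for `$224 million`; the figures are different things (amount stolen versus damages sought), and saying so in the sentence would stop readers taking one of them for a typo.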
@@ -55,4 +101,4 @@ Insider threats can be categorized into three main types: ### Behavioral and Cultural Measures -1. Foster a culture of security awareness where team members understand the importance of protecting sensitive information and reporting suspicious activities. \ No newline at end of file +1. Foster a [culture of security awareness](../../awareness/security-culture/README.md) where team members understand the importance of protecting sensitive information and reporting suspicious activities. \ No newline at end of file diff --git a/src/operational-security/human-centered-security/personal-opsec.md b/src/operational-security/human-centered-security/personal-opsec.md new file mode 100644 index 00000000..eb0de234 --- /dev/null +++ b/src/operational-security/human-centered-security/personal-opsec.md 
@@ -0,0 +1,97 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Individual Security +--- + +# Personal OpSec for Team Members + +Personal operational security (OpSec) extends beyond the workplace, encompassing practices that team members should implement in their personal lives to protect both themselves and organizational assets. This is particularly important in Web3 where the boundaries between personal and professional digital presence are often blurred. + +## Digital Footprint Management + +### Social Media Practices + +1. Regularly audit and adjust privacy settings on all social media platforms +2. Be cautious about revealing employment details, especially for high-profile or security-sensitive roles +3. Avoid sharing location data in real-time, particularly during travel +4. Consider using separate accounts for professional and personal interactions +5. Be mindful of information revealed in photos, including backgrounds that might expose sensitive information + +### Public Information Minimization + +1. Periodically search for your own name and digital identifiers to understand your public exposure +2. Request removal of sensitive personal information from data broker sites +3. Use domain privacy services if you own personal domains +4. Consider using pseudonyms for non-professional online activities where appropriate and legal + +## Personal Device Security + +### Home Network Security + +1. Secure home Wi-Fi networks with strong passwords and WPA3 encryption when available +2. Segment networks to separate IoT devices from computers used for work +3. Keep router firmware updated and change default administrative credentials +4. Consider using a dedicated VLAN for work activities conducted from home + +### Personal Device Hardening + +1. Apply the same security standards to personal devices used for work as corporate devices +2. Implement automatic updates for operating systems and applications +3. 
Use password managers to maintain strong, unique passwords across services +4. Enable full-disk encryption on all personal devices +5. Install and maintain reputable security software + +## Secure Communication Practices + +1. Use end-to-end encrypted messaging platforms for sensitive communications +2. Be aware of metadata exposure even when content is encrypted +3. Verify security of communication channels before discussing sensitive topics +4. Consider using separate phone numbers or identifiers for high-security communications +5. Apply appropriate security measures to personal email accounts, including MFA + +## Physical Security Awareness + +1. Be conscious of physical surroundings when accessing sensitive information +2. Secure physical documents and devices at home, especially when traveling +3. Consider appropriate home security measures based on role sensitivity +4. Practice good physical security habits like using privacy screens in public places + +## Web3-Specific Personal OpSec + +### Cryptocurrency Security + +1. Separate personal and work-related wallets and accounts +2. Apply strong security practices to personal crypto holdings +3. Be cautious about revealing personal cryptocurrency holdings or involvement in projects +4. Consider the implications of blockchain transparency and on-chain activity linkability +5. Use hardware wallets for long-term storage of significant personal assets + +### Identity Separation + +1. Consider separating on-chain identities used for work from personal activities +2. Be aware of how personal ENS names or identifiers may link to work-related activities +3. Understand the risks of doxing in the Web3 space and take appropriate precautions + +## Personal Threat Modeling + +1. Assess personal risk based on role, project visibility, and asset access +2. Identify potential adversaries and their capabilities +3. Implement security measures proportionate to identified risks +4. 
Periodically reassess as role or external factors change + +## Balance and Sustainability + +1. Focus on high-impact security practices that are sustainable long-term +2. Recognize that perfect security is impossible and aim for reasonable protections +3. Develop habits that incorporate security into daily routines +4. Understand the trade-offs between convenience and security in personal life + +## Reporting and Support + +1. Know how to report suspicious activities that might target you personally due to your role +2. Understand what organizational support is available for personal security incidents +3. Maintain awareness of current threats targeting individuals in your industry or role + +By implementing personal OpSec practices, team members can significantly reduce security risks that originate outside the workplace while maintaining a reasonable balance between security and quality of life. \ No newline at end of file diff --git a/src/operational-security/human-centered-security/social-engineering-defense.md b/src/operational-security/human-centered-security/social-engineering-defense.md new file mode 100644 index 00000000..cd1edb51 --- /dev/null +++ b/src/operational-security/human-centered-security/social-engineering-defense.md 
@@ -0,0 +1,76 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Human Resources +--- + +# Social Engineering Defense + +Social engineering attacks target the human element of security by manipulating individuals into breaking security protocols, revealing sensitive information, or granting unauthorized access. Defending against these attacks requires a combination of awareness, training, and operational controls. + +## Understanding Social Engineering + +Social engineering encompasses various manipulation techniques that exploit human psychology rather than technical vulnerabilities. For a comprehensive overview of common attack vectors, refer to our [Security Awareness Attack Vectors](../../awareness/attack-vectors/README.md) documentation. + +## General Defense Strategies + +Regardless of the specific social engineering technique, several core defensive measures are effective: + +1. **Implement Verification Protocols**: Establish multi-step verification procedures for sensitive requests, especially those involving financial transactions, credential changes, or access modifications + +2. **Develop a Questioning Culture**: Encourage team members to verify unexpected requests through alternative communication channels, even when they appear to come from trusted sources + +3. **Technical Controls**: Deploy appropriate filtering, monitoring, and access control systems to detect and prevent social engineering attempts + +4. **Regular Training**: Conduct ongoing security awareness training with realistic scenarios based on current threats + +5. 
**Clear Reporting Mechanisms**: Create simple, accessible ways for team members to report suspected social engineering attempts + +## Specific Defensive Considerations + +While general principles apply broadly, some attack vectors require specific defensive approaches: + +### Phishing Defense + +Email and messaging-based deception requires specialized filtering solutions and training team members to recognize suspicious indicators like sender addresses, grammatical errors, and urgent requests. + +### Voice and In-Person Manipulation Defense + +For pretexting, vishing, and impersonation attacks, implement strict identity verification procedures and establish clear escalation paths for unusual requests. + +### Physical Security Considerations + +To counter baiting, tailgating, and physical social engineering, develop protocols for handling unknown devices, visitor management, and physical access controls. + +## Cross-Function Collaboration + +Effective social engineering defense requires collaboration across multiple organizational functions: + +1. **Security Teams**: Implement technical controls and monitoring systems +2. **Human Resources**: Incorporate security awareness into onboarding and ongoing training +3. **Communications**: Develop clear guidelines for verifying the authenticity of communications +4. **Leadership**: Demonstrate a commitment to security through policies and practices + +## Integration with Threat Intelligence + +1. Stay informed about emerging social engineering tactics through threat intelligence sources +2. Update training materials and defenses based on current threat landscape +3. Share information about attempted attacks with the broader security community when appropriate + +## Incident Response for Social Engineering Attacks + +1. Document all suspected social engineering attempts +2. Establish clear reporting mechanisms for team members who believe they've been targeted +3. 
Create specific response procedures for different types of social engineering attacks +4. Conduct post-incident reviews to identify lessons learned and improve defenses + +## Building Resilience + +The goal of social engineering defense is not just to prevent specific attacks but to build organizational resilience: + +1. Foster a security culture where questioning unusual requests is encouraged, not penalized +2. Develop and practice "security skepticism" as a valued trait +3. Design systems and processes with human behavior in mind, acknowledging that perfect compliance is unrealistic + +Combining technical controls with human awareness and organizational procedures, teams can significantly reduce their vulnerability to social engineering attacks. \ No newline at end of file diff --git a/src/operational-security/human-centered-security/travel-security.md b/src/operational-security/human-centered-security/travel-security.md new file mode 100644 index 00000000..b29c1a96 --- /dev/null +++ b/src/operational-security/human-centered-security/travel-security.md 
@@ -0,0 +1,94 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Travel + - Physical Security +--- + +# Travel Security + +Team members traveling for business purposes face unique security risks that require specialized preparation and awareness. Effective travel security measures help protect both the individual and organizational assets during travel. + +## Pre-Travel Preparation + +### Risk Assessment + +1. Assess destination-specific risks including political stability, crime rates, health concerns, and local laws +2. Consider the sensitivity of work to be conducted during travel and adjust security measures accordingly +3. Consult reliable sources such as government travel advisories and internal threat intelligence + +### Device Preparation + +1. Use dedicated travel devices whenever possible, with minimal data and applications +2. Update all software and security patches before departure +3. Enable full-disk encryption on all devices +4. Install and test VPN software prior to departure +5. Consider using temporary travel accounts with limited access to organizational resources +6. Backup all data before departure and store the backup securely + +### Documentation and Emergency Planning + +1. Create copies of important documents (passport, visas, insurance) +2. Establish emergency communication protocols and points of contact +3. Share itinerary details with appropriate team members +4. Register with embassy or consular services when traveling to high-risk locations + +## In-Transit Security + +1. Maintain physical control of devices and sensitive items at all times +2. Be aware of shoulder surfing when working on sensitive information +3. Avoid connecting to public or hotel Wi-Fi networks without VPN protection +4. Disable Bluetooth, Wi-Fi, and other wireless connectivity when not in use +5. Consider using privacy screens to prevent visual data leakage + +## On-Location Security + +### Physical Security + +1. 
Store sensitive devices in hotel safes when not in use, or maintain physical possession +2. Be aware of surroundings and potential surveillance or targeting +3. Avoid discussing sensitive business matters in public spaces +4. Use privacy screens when working in public areas + +### Digital Security + +1. Connect to corporate networks only through secure VPN channels +2. Be cautious of USB charging stations which may present data theft risks +3. Report any suspicious activity or security incidents immediately +4. Exercise extra caution when connecting to Wi-Fi networks +5. Use mobile hotspots from trusted providers when possible + +## Post-Travel Procedures + +1. Inspect devices for signs of tampering +2. Change passwords used during travel +3. Run security scans on all devices before reconnecting to corporate networks +4. Report any suspicious incidents or security concerns +5. Debrief with security team about any potential security issues encountered + +## Special Considerations for High-Risk Locations + +1. Consider using "burner" devices for travel to high-risk locations +2. Establish more frequent check-in protocols +3. Be aware of local surveillance capabilities and legal requirements for device inspection +4. Prepare for potential device confiscation at borders by minimizing sensitive data +5. Consider using end-to-end encrypted communication methods + +## Web3-Specific Travel Security + +1. Use hardware wallets for storing crypto assets and keep them physically secure +2. Be cautious about revealing cryptocurrency holdings or involvement in high-value projects +3. Consider using duress passwords or accounts if traveling to high-risk regions +4. Be aware of targeted attacks at crypto conferences and events +5. Establish specific protocols for transaction approvals while traveling + +## Integration with Other Security Frameworks + +Travel security integrates with several other security frameworks: + +1. 
[Device and Endpoint Security](../device-endpoint-security/) for device hardening practices +2. [Digital Identity and Access Management](../digital-identity-access/) for authentication during travel +3. [Physical Security](../physical-security/) for protecting physical assets + +By implementing comprehensive travel security measures, organizations can significantly reduce risks associated with business travel while enabling team members to work effectively and safely when away from their primary work location. \ No newline at end of file diff --git a/src/operational-security/network-communication/README.md b/src/operational-security/network-communication/README.md new file mode 100644 index 00000000..7dc28665 --- /dev/null +++ b/src/operational-security/network-communication/README.md 
@@ -0,0 +1,45 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Network and Communication Security + +Securing your organization's networks and communication channels is crucial for protecting sensitive information, maintaining business operations, and preventing unauthorized access to resources. + +## Introduction + +Network and communication security encompasses the technologies, policies, and practices that protect the integrity, confidentiality, and availability of data as it travels across networks and communication systems. In today's interconnected world, organizations must address a wide range of threats that target communication channels, from traditional network attacks to sophisticated threats against encrypted communications. + +## Key Components + +This section covers the following aspects of network and communication security: + +1. [Secure Messaging and Communication](./telegram.md) - Best practices for secure messaging platforms, including Telegram +2. [Wireless Network Security](./wireless-security.md) - Securing WiFi and other wireless networks +3. [Virtual Private Networks (VPNs)](./vpn-security.md) - Implementing and using VPNs securely +4. [Secure Remote Access](./remote-access.md) - Approaches for secure remote access to organizational resources +5. [Network Monitoring and Defense](./network-monitoring.md) - Tools and techniques for monitoring network activity and detecting threats + +## Risk-Based Approach + +Network and communication security should be implemented based on the sensitivity of the data being transmitted and the criticality of the communication channels: + +1. Identify critical communication channels and the types of data transmitted +2. Assess the potential impact of communication interception or disruption +3. Implement appropriate security controls based on risk levels +4. 
Regularly test and audit communication security measures + +## Web3 Considerations + +In Web3 environments, network and communication security includes additional considerations: + +- The role of public blockchain networks in your communications infrastructure +- The security of RPC endpoints and node connections +- Protection against blockchain-specific network attacks +- Balancing transparency with confidentiality in blockchain communications + +The guidance in this section addresses both traditional and Web3-specific network and communication security considerations. \ No newline at end of file diff --git a/src/operational-security/telegram.md b/src/operational-security/network-communication/telegram.md similarity index 100% rename from src/operational-security/telegram.md rename to src/operational-security/network-communication/telegram.md diff --git a/src/operational-security/wireless-security.md b/src/operational-security/network-communication/wireless-security.md similarity index 100% rename from src/operational-security/wireless-security.md rename to src/operational-security/network-communication/wireless-security.md diff --git a/src/operational-security/physical-security.md b/src/operational-security/physical-security/README.md similarity index 100% rename from src/operational-security/physical-security.md rename to src/operational-security/physical-security/README.md diff --git a/src/operational-security/web3-specific-opsec/README.md b/src/operational-security/web3-specific-opsec/README.md new file mode 100644 index 00000000..3ba56b9e --- /dev/null +++ b/src/operational-security/web3-specific-opsec/README.md 
@@ -0,0 +1,46 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Web3 + - Blockchain +--- + +# Web3-Specific Operational Security + +Web3 introduces unique operational security challenges that require specialized approaches beyond traditional security measures. This section focuses on the specific security considerations for organizations operating in the blockchain and decentralized ecosystem. + +## Introduction + +Web3 operational security addresses the distinct threats and vulnerabilities associated with blockchain technologies, decentralized applications, smart contracts, and cryptocurrency operations. The immutable and often public nature of blockchain transactions, combined with the self-custodial responsibility of managing cryptographic assets, creates a security landscape that requires specialized knowledge and techniques. + +## Key Components + +This section covers the following aspects of Web3-specific operational security: + +1. [Wallet Security](./wallet-security.md) - Securing cryptocurrency and NFT wallets +2. [Smart Contract Operational Security](./smart-contract-opsec.md) - Operational considerations for deploying and managing smart contracts +3. [Blockchain Transaction Security](./transaction-security.md) - Securing blockchain transactions against various threats +4. [Decentralized Identity Management](./decentralized-identity.md) - Managing identities in decentralized systems +5. [DAO Security Operations](./dao-security.md) - Operational security considerations for Decentralized Autonomous Organizations +6. [Validator and Node Security](./validator-node-security.md) - Securing blockchain nodes and validators + +## Risk-Based Approach + +Web3 operational security should be implemented based on the value of assets being managed and the criticality of on-chain operations: + +1. Inventory all blockchain assets, wallets, and contracts +2. Classify these assets based on value and criticality to operations +3. 
Implement appropriate security controls based on risk levels +4. Regularly audit security practices and adapt to emerging threats + +## Intersection with Traditional Security + +While Web3 introduces unique security challenges, it does not replace the need for traditional security measures. This section highlights where Web3-specific controls should be integrated with: + +- Traditional identity and access management +- Device and endpoint security +- Network and communication security +- Human-centered security approaches + +By combining Web3-specific security measures with traditional operational security practices, organizations can build a comprehensive security posture suitable for the decentralized ecosystem. \ No newline at end of file diff --git a/src/opsec/README.md b/src/opsec/README.md new file mode 100644 index 00000000..1b46b840 --- /dev/null +++ b/src/opsec/README.md 
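Review bot: Same dangling-link problem in src/operational-security/web3-specific-opsec/README.md: all six "Key Components" entries (`./wallet-security.md`, `./smart-contract-opsec.md`, `./transaction-security.md`, `./decentralized-identity.md`, `./dao-security.md`, `./validator-node-security.md`) point at files that are not created anywhere in this patch. Either ship stub pages alongside the index or remove the links, so the index does not advertise guidance that does not exist yet. The file is also missing its trailing newline.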
@@ -0,0 +1,38 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Operational Security + +Operational Security (OpSec) is a systematic approach to identifying critical information, determining threats to that information, analyzing vulnerabilities, assessing risks, and implementing countermeasures to protect sensitive data and operations. This framework provides comprehensive guidance for implementing effective operational security practices in Web2 and Web3 environments. + +## Core Components + +This framework is organized into several interconnected components: + +1. [Principles & Concepts](./principles/): Core principles and concepts of operational security +2. [Threat Modeling Overview](./threat-modeling-overview.md): Identifying and analyzing potential security threats +3. [Risk Management](./risk-management.md): Identifying, assessing, and mitigating security risks +4. [Monitoring & Detection](./monitoring.md): Continuous monitoring of security events and anomalies +5. [Incident Response & Recovery](./incident-response-recovery.md): Handling security incidents when they occur +6. [Governance & Program Management](./governance-program-management.md): Establishing security leadership and organizational structures +7. [Control Domains](./control-domains.md): Key areas requiring specific security controls and practices +8. [Lifecycle](./lifecycle.md): The continuous process of implementing and maintaining security measures +9. [Continuous Improvement](./continuous-improvement-metrics.md): Learning from incidents and evolving security practices + +## Using This Framework + +Organizations should adapt this framework to their specific needs, considering their size, resources, and risk profile. Start with the fundamentals and gradually implement more advanced controls as your security program matures. 
+ +The guidance provided here is designed to be practical and actionable, with specific recommendations that can be implemented by Web3 teams of all sizes. diff --git a/src/opsec/appendices.md b/src/opsec/appendices.md new file mode 100644 index 00000000..6cb2726c --- /dev/null +++ b/src/opsec/appendices.md 
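Review bot: In src/opsec/README.md, the "Core Components" list links to `./monitoring.md`, `./incident-response-recovery.md`, `./governance-program-management.md`, `./control-domains.md`, `./lifecycle.md` and `./continuous-improvement-metrics.md`, none of which this patch adds, while the pages the patch does add under src/opsec/ (`appendices.md` and the three files under `appendices/`) are not linked from the list at all. Suggest adding an entry for the appendices and either adding stubs for the other targets or marking them as forthcoming. Entry 1 links to the directory `./principles/` rather than a page; a directory link depends on the web server serving an index file, so `./principles/README.md` is the more robust target. The `contributors` block introduces a `role`/`users` shape (`- role: wrote` / `users: [mattaereal]`, with empty `reviewed` and `fact-checked` lists); confirm the theme's contributor rendering accepts this shape, since nothing in the patch touches the rendering code.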
@@ -0,0 +1,54 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Appendices + +The appendices provide additional resources, templates, and reference materials to support the implementation of operational security practices. These materials complement the guidance provided in the main framework sections. + +## Overview of Appendices + +The appendices are organized into the following sections: + +1. **Policy & Template Library**: Ready-to-use security policy templates and documents +2. **Case Studies & Exercises**: Real-world examples and tabletop exercises +3. **Glossary of Terms**: Definitions of key operational security concepts + +These resources are designed to be practical tools that organizations can adapt to their specific needs and contexts. + +## Using the Appendices + +The materials in the appendices should be: + +1. **Customized**: Adapted to your organization's specific needs and context +2. **Regularly Updated**: Reviewed and updated as threats and best practices evolve +3. **Integrated**: Used in conjunction with the main framework guidance +4. **Shared**: Distributed to relevant stakeholders as appropriate + +Organizations should view these materials as starting points rather than finished products. They should be tailored to address your specific security requirements, organizational structure, and risk profile. + +## Web3-Specific Resources + +The appendices include materials specifically designed for Web3 environments, including: + +1. **Web3-Specific Policy Templates**: Policies addressing cryptocurrency operations, smart contract deployments, and other blockchain-specific concerns +2. **Web3 Case Studies**: Examples of security incidents and responses in blockchain projects +3. **Web3 Security Exercises**: Tabletop scenarios focused on blockchain-specific threats +4. 
**Web3 Security Terminology**: Definitions of blockchain security concepts + +These Web3-specific resources help bridge the gap between traditional security practices and the unique requirements of blockchain environments. + +## Contributing to the Appendices + +The appendices are designed to be living resources that evolve over time. Organizations and individuals are encouraged to: + +1. **Share Experiences**: Contribute case studies and lessons learned +2. **Suggest Improvements**: Provide feedback on existing materials +3. **Submit New Resources**: Develop and share new templates, exercises, or reference materials +4. **Collaborate**: Work together to enhance the quality and relevance of these resources + +By contributing to these resources, you help strengthen the operational security practices of the broader Web3 community. \ No newline at end of file diff --git a/src/opsec/appendices/case-studies.md b/src/opsec/appendices/case-studies.md new file mode 100644 index 00000000..20b34733 --- /dev/null +++ b/src/opsec/appendices/case-studies.md 
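Review bot: src/opsec/appendices.md describes the three appendices (Policy & Template Library, Case Studies & Exercises, Glossary of Terms) but never links to the files this same patch adds for them (`src/opsec/appendices/policies.md`, `case-studies.md`, `glossary.md`); turn the bold names in "Overview of Appendices" into links so the pages are reachable from the index. The "Web3-Specific Resources" section lists Web3 policy templates, case studies and terminology; those live in the new policies.md, case-studies.md and glossary.md, so linking each item to its section keeps the list verifiable. Missing trailing newline here too.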
@@ -0,0 +1,176 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Case Studies & Exercises + +This section provides real-world case studies and tabletop exercises that organizations can use to learn from past incidents and test their security readiness. These examples illustrate common security challenges and effective response strategies. + +## Web3 Security Incidents + +### Case Study 1: Private Key Compromise + +#### Incident Overview +A mid-sized DeFi protocol experienced a security breach when an attacker gained access to a private key used for deploying smart contracts. The attacker used the key to deploy a malicious contract update that drained approximately $3 million from the protocol. + +#### Root Causes +1. The private key was stored in a development environment with inadequate access controls +2. The same key was used for both testing and production deployments +3. There was no multi-signature requirement for contract deployments +4. Monitoring systems failed to detect the unauthorized deployment + +#### Response Actions +1. The team immediately alerted users via social media and official channels +2. All remaining funds were moved to secure wallets +3. A forensic investigation was initiated to determine the attack vector +4. Law enforcement and blockchain analytics firms were engaged +5. The team implemented a compensation plan for affected users + +#### Lessons Learned +1. Implement multi-signature requirements for all critical operations +2. Establish separate keys for different environments with appropriate controls +3. Improve deployment security with additional verification steps +4. Enhance monitoring to detect unauthorized deployments +5. 
Develop and test incident response procedures specific to key compromise + +### Case Study 2: Social Engineering Attack + +#### Incident Overview +A community manager for a popular NFT project had their Discord account compromised after clicking a link in a direct message that appeared to come from a team member. The attacker used the compromised account to post a fake minting link, resulting in approximately 50 community members connecting their wallets and losing assets. + +#### Root Causes +1. Lack of verification procedures for team communications +2. Insufficient security awareness training for team members +3. Absence of multi-factor authentication on critical accounts +4. Inadequate controls for posting official announcements + +#### Response Actions +1. The team removed the compromised account's permissions +2. An official announcement was made warning about the scam +3. The fake minting site was reported for takedown +4. Affected community members were identified for potential compensation +5. Communication procedures were revised to prevent similar incidents + +#### Lessons Learned +1. Implement strong authentication for all team accounts +2. Establish verification protocols for team communications +3. Create a secure process for publishing official announcements +4. Conduct regular security awareness training for team members +5. Develop an incident response plan specific to community channel compromises + +## Tabletop Exercises + +### Exercise 1: Wallet Security Incident + +#### Scenario +Your organization's multi-signature wallet has shown unusual transaction activity. A transaction that was not authorized by the team has been initiated, requiring one more signature to execute. The transaction would send a significant amount of funds to an unknown address. + +#### Exercise Questions +1. What immediate actions would you take? +2. How would you investigate the source of the unauthorized transaction? +3. 
What stakeholders need to be notified, and what information would you provide? +4. What steps would you take to secure your remaining assets? +5. How would you communicate with your community or users? + +#### Key Discussion Points +- Multi-signature wallet security procedures +- Transaction verification processes +- Incident response roles and responsibilities +- Communication strategies during security incidents +- Forensic investigation approaches + +### Exercise 2: Smart Contract Vulnerability + +#### Scenario +A security researcher has privately disclosed a critical vulnerability in one of your deployed smart contracts. The vulnerability could potentially allow an attacker to drain funds, but it requires specific conditions that have not yet occurred. You have approximately 48 hours before these conditions align. + +#### Exercise Questions +1. How would you validate the reported vulnerability? +2. What immediate mitigation steps could you take? +3. How would you prioritize and approach developing a fix? +4. What stakeholders need to be involved in the decision-making process? +5. How and when would you communicate with users and the broader community? + +#### Key Discussion Points +- Vulnerability verification processes +- Short-term mitigation strategies +- Smart contract upgrade procedures +- Decision-making during time-sensitive incidents +- Responsible disclosure and communication + +### Exercise 3: Team Member Device Compromise + +#### Scenario +A developer on your team reports that their laptop has been stolen while traveling. The laptop was used for development work and had access to various internal systems. The developer had logged into several services recently and is unsure if all sessions were properly closed. + +#### Exercise Questions +1. What immediate actions would you take to contain potential damage? +2. What systems and access credentials might be at risk? +3. How would you determine if any unauthorized access has occurred? +4. 
What steps would you take to restore secure operations? +5. How would you improve security to prevent similar incidents? + +#### Key Discussion Points +- Device security policies and procedures +- Access revocation processes +- Security monitoring and detection capabilities +- Recovery procedures for compromised credentials +- Travel security policies + +## Security Exercises for Teams + +### Red Team Exercise: Phishing Simulation + +#### Exercise Overview +This exercise simulates a phishing attack targeting team members to test awareness and response. + +#### Setup Requirements +1. Prepare simulated phishing emails targeting different team roles +2. Create a safe landing page that records interactions +3. Establish monitoring to track responses +4. Prepare educational materials for post-exercise discussion + +#### Exercise Process +1. Send simulated phishing emails to selected team members +2. Monitor interactions with the phishing content +3. Document actions taken by recipients +4. Track if and how the incident is reported +5. Conduct a debrief session to discuss results + +#### Evaluation Criteria +- Percentage of team members who detected the phishing attempt +- Time taken to report suspicious emails +- Effectiveness of reporting procedures +- Quality of response from security team +- Lessons learned and areas for improvement + +### Security Control Assessment: Key Management + +#### Exercise Overview +This exercise evaluates the effectiveness of cryptocurrency key management procedures. + +#### Setup Requirements +1. Create a test environment with non-production keys +2. Prepare scenarios that test different aspects of key management +3. Establish evaluation criteria for each scenario +4. Ensure safety measures to prevent actual asset risk + +#### Exercise Process +1. Simulate routine key management operations +2. Introduce scenarios requiring emergency access to keys +3. Test key recovery procedures +4. Evaluate separation of duties enforcement +5. 
Assess documentation and procedure clarity + +#### Evaluation Criteria +- Adherence to established key management procedures +- Effectiveness of security controls +- Time required to safely complete key operations +- Quality of documentation and procedures +- Identification of gaps and improvement opportunities + +These case studies and exercises provide practical examples and scenarios that organizations can use to learn from past incidents and test their security readiness. By regularly conducting such exercises, teams can identify weaknesses in their security posture and improve their ability to respond effectively to incidents. \ No newline at end of file diff --git a/src/opsec/appendices/glossary.md b/src/opsec/appendices/glossary.md new file mode 100644 index 00000000..ca3f6529 --- /dev/null +++ b/src/opsec/appendices/glossary.md 
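Review bot: In src/opsec/appendices/case-studies.md the two case studies are introduced as "real-world" and carry concrete figures ("drained approximately $3 million", "approximately 50 community members"), yet neither names the incident or cites a source; either cite the public post-mortem or label them as anonymised composites, so readers do not quote the figures as facts. In "Security Control Assessment: Key Management", setup step 1 ("Create a test environment with non-production keys") should state that test keys are freshly generated and never derived from, or stored alongside, production seed material, since that is the main way an exercise leaks into real assets; step 4 ("Ensure safety measures to prevent actual asset risk") is the natural place for that check. For the phishing simulation, the setup should say what the "safe landing page that records interactions" actually records and who sees per-person results, so the debrief in step 5 stays educational. Missing trailing newline.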
@@ -0,0 +1,181 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Glossary of Terms + +This glossary provides definitions for key terms used throughout the Operational Security framework. It includes both general security terminology and Web3-specific concepts to help ensure a common understanding of security concepts. + +## General Security Terms + +### A + +**Access Control**: Systems and policies that restrict access to resources based on user identity and authorization level. + +**Authentication**: The process of verifying the identity of a user, system, or entity. + +**Authorization**: The process of determining what actions an authenticated entity is permitted to perform. + +**Availability**: The property of being accessible and usable upon demand by an authorized entity. + +### B + +**Backup**: A copy of data created and stored separately from the original, to enable recovery in case of data loss. + +**Breach**: An incident that results in the unauthorized access, disclosure, or acquisition of protected data. + +### C + +**Confidentiality**: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. + +**Configuration Management**: The process of establishing and maintaining consistency of a system's performance and functional attributes with its requirements and design. + +**Containment**: Actions taken to limit the scope and impact of a security incident. + +**Countermeasure**: An action, device, procedure, or technique that mitigates a security threat or vulnerability. + +### D + +**Defense in Depth**: A security strategy that employs multiple layers of controls to protect resources. + +**Disaster Recovery**: A set of policies, tools, and procedures to enable the recovery of vital technology infrastructure and systems following a disaster. + +### E + +**Encryption**: The process of converting information into a code to prevent unauthorized access. 
+ +**Endpoint Security**: The practice of securing entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors. + +### I + +**Incident Response**: The process of addressing and managing the aftermath of a security breach or attack. + +**Integrity**: The property that data has not been altered in an unauthorized manner since it was created, transmitted, or stored. + +**Intrusion Detection System (IDS)**: A system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. + +### L + +**Least Privilege**: The principle of providing users with the minimum levels of access necessary to perform their job functions. + +**Logging**: The recording of events, activities, and changes within a system or network. + +### M + +**Malware**: Software designed to disrupt, damage, or gain unauthorized access to a computer system. + +**Multi-Factor Authentication (MFA)**: An authentication method that requires a user to provide two or more verification factors to gain access. + +### P + +**Penetration Testing**: An authorized simulated attack on a computer system to evaluate its security. + +**Phishing**: A technique for attempting to acquire sensitive data, such as passwords or credit card details, by masquerading as a trustworthy entity. + +**Principle of Least Privilege**: The concept of granting users only the minimum access rights necessary to perform their job functions. + +### R + +**Risk Assessment**: The process of identifying, analyzing, and evaluating risk. + +**Risk Management**: The coordinated activities to direct and control an organization with regard to risk. + +### S + +**Security Controls**: Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks. + +**Security Incident**: An event that potentially compromises the confidentiality, integrity, or availability of information or systems. 
+ +**Separation of Duties**: A principle that divides critical functions among different staff members to prevent fraud and errors. + +### T + +**Threat**: A potential cause of an unwanted incident, which may result in harm to a system or organization. + +**Two-Factor Authentication (2FA)**: A method of confirming a user's claimed identity by utilizing a combination of two different factors. + +### V + +**Vulnerability**: A weakness that can be exploited by a threat actor to perform unauthorized actions. + +**Vulnerability Assessment**: The process of identifying, quantifying, and prioritizing vulnerabilities in systems, applications, and network infrastructure. + +## Web3-Specific Terms + +### A + +**Air-Gapped**: A security measure where a computer or network is physically isolated from unsecured networks, such as the public internet or an insecure local area network. + +### B + +**Blockchain**: A distributed ledger technology that maintains a continuously growing list of records, called blocks, which are linked and secured using cryptography. + +### C + +**Cold Storage**: The practice of keeping a reserve of cryptocurrency offline, typically in hardware wallets or paper wallets. + +**Consensus Mechanism**: The process in a blockchain network that achieves agreement among distributed processes or systems on a single data value. + +**Custodial Wallet**: A cryptocurrency wallet where the private keys are held by a third-party service. + +### D + +**Decentralized Application (DApp)**: An application that runs on a decentralized network, avoiding a single point of control or failure. + +**Decentralized Autonomous Organization (DAO)**: An organization represented by rules encoded as a computer program that is transparent, controlled by the organization members, and not influenced by a central government. + +### E + +**Externally Owned Account (EOA)**: An Ethereum account controlled by a private key, typically belonging to a person. 
+ +### G + +**Gas**: A unit that measures the amount of computational effort required to execute operations on the Ethereum network. + +### H + +**Hardware Wallet**: A special type of cryptocurrency wallet that stores the user's private keys in a secure hardware device. + +**Hot Wallet**: A cryptocurrency wallet that is connected to the internet, allowing for quick transactions but with increased security risks. + +### M + +**Mempool**: A collection of all transaction data that have been verified by nodes but have not yet been recorded onto the blockchain. + +**Multisignature (Multisig)**: A digital signature scheme that allows a group of users to sign a single document, with multiple parties required to authorize a transaction. + +### N + +**Node**: A computer that connects to a blockchain network and maintains a copy of the blockchain. + +**Non-Custodial Wallet**: A cryptocurrency wallet where users have full control over their private keys and cryptocurrency. + +### P + +**Private Key**: A secret number that allows cryptocurrency to be spent. It is paired with a public key in asymmetric cryptography. + +**Public Key**: A cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular recipient, such that the encrypted messages can only be decrypted by the recipient's paired private key. + +### S + +**Smart Contract**: Self-executing contracts with the terms of the agreement directly written into code, which automatically enforce and execute the terms when predetermined conditions are met. + +**Seed Phrase**: A series of words generated by cryptocurrency wallets that give users access to the cryptocurrency associated with that wallet. + +### T + +**Token**: A digital asset that is created, issued, and managed on an existing blockchain. + +**Transaction**: The record of a change in ownership of a cryptocurrency or the execution of a smart contract. 
+ +### W + +**Wallet**: Software that stores private and public keys and interacts with various blockchain to enable users to send and receive digital currency and monitor their balance. + +**Web3**: The concept of a new iteration of the web which incorporates concepts such as decentralization, blockchain technologies, and token-based economics. + +This glossary provides a common language for discussing operational security concepts. Understanding these terms is essential for effective communication about security risks, controls, and practices in both traditional and Web3 environments. \ No newline at end of file diff --git a/src/opsec/appendices/policies.md b/src/opsec/appendices/policies.md new file mode 100644 index 00000000..867a9fae --- /dev/null +++ b/src/opsec/appendices/policies.md 
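Review bot: src/opsec/appendices/glossary.md defines the same concept twice: "Least Privilege" under L and "Principle of Least Privilege" under P carry near-identical text; keep one and cross-reference the other. The "Public Key" entry describes only encryption ("used by anyone to encrypt messages intended for a particular recipient"), but in this framework's Web3 context a public key is used to verify signatures and derive account addresses; the entry should say so, otherwise it sits oddly next to "Private Key", which is defined in terms of spending. "Private Key" is itself narrower than the rest of the document needs: the case studies use such keys to authorise contract deployments, not only to spend cryptocurrency, so "authorises transactions and signatures" would be more accurate. Typo in "Wallet": "interacts with various blockchain" should read "blockchains". Missing trailing newline again.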
@@ -0,0 +1,345 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Policy & Template Library + +This library provides templates and examples of security policies, procedures, and other documents that organizations can adapt to their specific needs. These templates serve as starting points for developing comprehensive security documentation. + +## Core Security Policies + +### Information Security Policy + +```markdown +# Information Security Policy + +## Purpose +This policy establishes the framework for protecting information assets and technology resources of [ORGANIZATION NAME]. + +## Scope +This policy applies to all employees, contractors, consultants, temporary staff, and other workers at [ORGANIZATION NAME], including personnel affiliated with third parties. + +## Policy Statements +1. [ORGANIZATION NAME] shall maintain an information security program that: + - Protects the confidentiality, integrity, and availability of information + - Complies with applicable legal and regulatory requirements + - Aligns with business objectives and risk tolerance + - Follows industry best practices + +2. All users must: + - Protect sensitive information from unauthorized access or disclosure + - Use information systems in accordance with acceptable use guidelines + - Report security incidents and suspected vulnerabilities + - Complete security awareness training + +3. Management shall: + - Ensure adequate resources for security controls + - Regularly review security effectiveness + - Enforce compliance with security policies + - Support continuous improvement of security practices + +## Roles and Responsibilities +[Define specific security roles and responsibilities] + +## Compliance +Violations of this policy may result in disciplinary action, up to and including termination of employment or contract. 
+ +## Related Documents +- Acceptable Use Policy +- Access Control Policy +- Incident Response Policy +``` + +### Access Control Policy + +```markdown +# Access Control Policy + +## Purpose +This policy establishes requirements for controlling access to [ORGANIZATION NAME]'s information systems and data. + +## Scope +This policy applies to all systems, data, and users within [ORGANIZATION NAME]. + +## Policy Statements +1. Access Control Principles + - All access shall be granted based on the principle of least privilege + - Access rights shall be reviewed regularly + - Authentication mechanisms shall be appropriate to the sensitivity of the information + +2. User Access Management + - Formal user registration and de-registration procedures shall be implemented + - Privileged access rights shall be restricted and controlled + - Regular access rights reviews shall be conducted + +3. User Responsibilities + - Users shall follow good authentication practices + - Users shall protect their authentication information + - Users shall not share access credentials + +## Implementation Guidelines +[Specific implementation guidelines for access control] + +## Exceptions +Exceptions to this policy must be documented and approved by [ROLE]. +``` + +## Web3-Specific Policies + +### Cryptocurrency Key Management Policy + +```markdown +# Cryptocurrency Key Management Policy + +## Purpose +This policy establishes requirements for the secure management of cryptographic keys used for cryptocurrency transactions and operations. + +## Scope +This policy applies to all cryptographic keys used to secure cryptocurrency assets and operations at [ORGANIZATION NAME]. + +## Policy Statements +1. Key Generation and Storage + - Private keys shall be generated using secure methods + - Critical keys shall be stored in hardware security modules or hardware wallets + - Keys shall be backed up securely with appropriate redundancy + +2. 
Transaction Signing + - High-value transactions shall require multi-signature approval + - Transaction details shall be verified before signing + - Signing devices shall be kept secure and regularly audited + +3. Key Recovery and Backup + - Key recovery information shall be securely stored in multiple locations + - Recovery procedures shall be documented and tested + - No single individual shall have access to full recovery information + +## Implementation Guidelines +[Specific implementation guidelines for key management] + +## Roles and Responsibilities +[Define specific roles and responsibilities for key management] +``` + +### Smart Contract Deployment Policy + +```markdown +# Smart Contract Deployment Policy + +## Purpose +This policy establishes requirements for the secure development and deployment of smart contracts. + +## Scope +This policy applies to all smart contracts developed, deployed, or maintained by [ORGANIZATION NAME]. + +## Policy Statements +1. Development Requirements + - Smart contracts shall follow secure coding guidelines + - All contracts shall undergo peer review + - Critical contracts shall be audited by qualified third parties + +2. Testing Requirements + - Contracts shall undergo comprehensive testing including security tests + - Tests shall include edge cases and potential attack scenarios + - Test coverage metrics shall be established and maintained + +3. Deployment Requirements + - Contracts shall be deployed through a secure, controlled process + - Deployment transactions shall require multi-signature approval + - Deployed contracts shall be verified on blockchain explorers + +4. 
Monitoring and Maintenance + - Deployed contracts shall be monitored for unusual activity + - Security updates shall follow a defined process + - Upgrade mechanisms shall be secured with appropriate controls + +## Implementation Guidelines +[Specific implementation guidelines for smart contract deployment] + +## Roles and Responsibilities +[Define specific roles and responsibilities for contract deployment] +``` + +## Procedure Templates + +### Incident Response Procedure + +```markdown +# Security Incident Response Procedure + +## Purpose +This procedure outlines the steps to be followed when responding to security incidents. + +## Incident Detection and Reporting +1. Detection Sources + - Automated alerts from monitoring systems + - Reports from users or team members + - External notifications + +2. Reporting Process + - Initial notification to [CONTACT/CHANNEL] + - Required information for incident reports + - Escalation criteria and process + +## Incident Response Phases +1. Preparation + - Necessary tools and resources + - Team roles and responsibilities + - Communication channels + +2. Identification + - Verifying and assessing the incident + - Determining scope and impact + - Assigning severity level + +3. Containment + - Short-term containment actions + - Evidence preservation steps + - System isolation procedures + +4. Eradication + - Removing the cause of the incident + - Vulnerability remediation + - Malware removal + +5. Recovery + - System restoration procedures + - Verification of system integrity + - Return to operation process + +6. 
Lessons Learned + - Post-incident review process + - Documentation requirements + - Improvement implementation + +## Communication Guidelines +[Guidelines for internal and external communication during incidents] + +## Specific Incident Types +[Specific procedures for different types of incidents] +``` + +### Key Ceremony Procedure + +```markdown +# Cryptocurrency Key Ceremony Procedure + +## Purpose +This procedure outlines the steps for generating and securing cryptographic keys for cryptocurrency operations. + +## Preparation +1. Required Materials + - Hardware wallets or HSMs + - Backup materials (metal plates, recovery phrase cards) + - Tamper-evident bags and seals + +2. Participant Roles + - Ceremony Administrator + - Key Holders + - Witnesses + - Security Officer + +3. Location Requirements + - Physical security controls + - Network isolation measures + - Environmental controls + +## Key Generation Process +1. Device Preparation + - Verification of device authenticity + - Firmware verification + - Device initialization + +2. Key Generation + - Entropy generation process + - Key creation steps + - Verification process + +3. Backup Creation + - Recovery phrase documentation + - Backup verification + - Secure storage preparation + +## Security Controls +1. Physical Security + - Access control to ceremony location + - Video recording requirements + - Device handling protocols + +2. Participant Controls + - Identity verification + - Non-disclosure agreements + - Role separation requirements + +3. 
Documentation Requirements + - Required ceremony records + - Signature requirements + - Storage of ceremony documentation + +## Post-Ceremony Actions +[Actions to be taken after the ceremony is complete] +``` + +## Checklists and Forms + +### Security Assessment Checklist + +```markdown +# Security Assessment Checklist + +## System Information +- System Name: ________________ +- System Owner: ________________ +- Assessment Date: ________________ +- Assessor: ________________ + +## Access Controls +- [ ] User access is based on least privilege +- [ ] Strong authentication is enforced +- [ ] Privileged accounts are restricted +- [ ] Access is reviewed regularly +- [ ] Password policies are enforced + +## Network Security +- [ ] Firewalls are properly configured +- [ ] Network traffic is monitored +- [ ] Remote access is secured +- [ ] Network segmentation is implemented +- [ ] Encrypted protocols are used for sensitive data + +## Data Protection +- [ ] Sensitive data is identified and classified +- [ ] Data encryption is implemented +- [ ] Data backups are performed regularly +- [ ] Data retention policies are enforced +- [ ] Data destruction procedures are in place + +## System Security +- [ ] Systems are patched regularly +- [ ] Antimalware protection is implemented +- [ ] System hardening is performed +- [ ] System logs are collected and reviewed +- [ ] Change management processes are followed + +## Physical Security +- [ ] Physical access controls are in place +- [ ] Environmental controls are implemented +- [ ] Equipment is protected from theft or damage +- [ ] Media is securely handled and disposed +- [ ] Physical security incidents are monitored + +## Incident Response +- [ ] Incident response procedures are documented +- [ ] Staff is trained on incident response +- [ ] Incidents are reported and tracked +- [ ] Post-incident reviews are conducted +- [ ] Lessons learned are implemented + +## Additional Notes +[Space for assessment notes and observations] +``` + 
+These templates provide starting points for developing comprehensive security policies and procedures. Organizations should customize these templates to address their specific security requirements, organizational structure, and risk profile. \ No newline at end of file diff --git a/src/opsec/continuous-improvement-metrics.md b/src/opsec/continuous-improvement-metrics.md new file mode 100644 index 00000000..51491e53 --- /dev/null +++ b/src/opsec/continuous-improvement-metrics.md 
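Review bot: The Security Assessment Checklist omits every Web3 control the policy templates above mandate (multi-signature approval, recovery information held by no single person, third-party audit, explorer verification), so an assessor working from the checklist would never test them; suggest adding `## Key Management` and `## Smart Contracts` sections with items such as `- [ ] High-value transactions require multi-signature approval` and `- [ ] Deployed bytecode matches the audited source`. In the Key Management policy, `Transaction details shall be verified before signing` leaves open where the verification happens; stating that recipient, amount and calldata are confirmed on the signing device's own screen, not only in the host wallet UI, is what makes the control meaningful. Minor: every file in this commit ends with `\ No newline at end of file`; adding the trailing newline keeps later diffs clean.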
@@ -0,0 +1,160 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Continuous Improvement & Metrics + +Operational security is not a static state but rather a continuous process of assessment, improvement, and adaptation. This section outlines approaches to continuously improve security practices and measure their effectiveness. + +## Post-Mortem & Lessons Learned + +Learning from security incidents and near-misses to strengthen security posture. + +### Key Components + +1. **Post-Incident Analysis**: Comprehensive review of security incidents +2. **Root Cause Analysis**: Identifying underlying causes, not just symptoms +3. **Near-Miss Analysis**: Learning from events that could have led to incidents +4. **Control Effectiveness Review**: Assessing how well existing controls performed +5. **Improvement Identification**: Determining specific changes needed + +### Implementation Steps + +1. Conduct post-mortem analysis for all significant security incidents +2. Involve relevant stakeholders in the analysis process +3. Focus on systemic issues rather than individual blame +4. Document findings and recommendations +5. Develop action plans for implementing improvements +6. Follow up to ensure changes are implemented effectively + +### Web3-Specific Considerations + +1. **Smart Contract Post-Mortems**: Analyzing exploits and vulnerabilities +2. **Protocol Upgrade Assessments**: Learning from upgrade successes and failures +3. **Community Involvement**: Balancing transparency with security in post-mortems +4. **Cross-Project Learning**: Applying lessons from incidents in other projects +5. **Technical Debt Management**: Addressing security-related technical debt + +## Security KPIs & Reporting + +Measuring security effectiveness through key performance indicators (KPIs) and regular reporting. + +### Key Security Metrics + +1. **Time to Detect**: How quickly incidents are identified +2. 
**Time to Respond**: How quickly incidents are addressed +3. **Mean Time to Recovery**: Average time to restore normal operations +4. **Security Control Coverage**: Percentage of systems with appropriate controls +5. **Vulnerability Management**: Time to patch known vulnerabilities +6. **Training Compliance**: Percentage of team members completing security training +7. **Security Incidents**: Number and severity of security events +8. **Security Debt**: Backlog of security issues requiring remediation + +### Implementation Steps + +1. Identify the most relevant metrics for your organization +2. Establish baseline measurements for each metric +3. Define targets and thresholds for improvement +4. Implement processes for regular data collection +5. Develop reporting formats for different stakeholders +6. Review and refine metrics periodically to ensure relevance + +### Web3-Specific Metrics + +1. **Smart Contract Audit Coverage**: Percentage of code reviewed by auditors +2. **Key Management Compliance**: Adherence to key management procedures +3. **Blockchain Security Monitoring**: Coverage and effectiveness of monitoring +4. **Security Bounty Program Metrics**: Submissions, time to fix, reward efficiency +5. **Governance Participation**: Engagement in security-related governance decisions + +## Continuous Assessment + +Regularly evaluating security practices and controls to identify improvement opportunities. + +### Assessment Types + +1. **Self-Assessment**: Internal review of security controls and practices +2. **Peer Review**: Review by colleagues from other teams or functions +3. **External Assessment**: Evaluation by third-party security experts +4. **Red Team Exercises**: Simulated attacks to test security controls +5. **Compliance Audits**: Formal evaluation against standards or regulations + +### Implementation Steps + +1. Develop an assessment schedule covering different types of evaluations +2. Establish clear assessment criteria and methodologies +3. 
Ensure assessments cover both technical and procedural controls +4. Document assessment findings and recommendations +5. Develop and implement remediation plans +6. Follow up to verify that improvements have been made + +### Web3-Specific Assessments + +1. **Smart Contract Audits**: Regular review of contract code +2. **Blockchain Security Assessment**: Evaluation of blockchain-specific risks +3. **Cryptographic Implementation Review**: Specialized assessment of cryptography +4. **Decentralized Governance Assessment**: Evaluation of governance security +5. **Cross-Chain Security Review**: Assessment of risks across multiple blockchains + +## Security Program Maturity + +Evaluating and advancing the maturity of the overall security program. + +### Maturity Models + +1. **Initial**: Ad-hoc security practices with limited formalization +2. **Developing**: Basic security controls with some standardization +3. **Defined**: Documented security policies and procedures +4. **Managed**: Security metrics and continuous improvement processes +5. **Optimizing**: Proactive security measures with automation and integration + +### Implementation Steps + +1. Assess current security program maturity +2. Identify gaps and improvement opportunities +3. Develop a roadmap for advancing maturity levels +4. Implement changes in prioritized, manageable increments +5. Regularly reassess maturity and adjust improvement plans + +### Web3-Specific Maturity Considerations + +1. **Blockchain Security Integration**: How well blockchain security is integrated +2. **Smart Contract Security Maturity**: Sophistication of contract security practices +3. **Decentralized Security Governance**: Maturity of security governance in DAOs +4. **Cross-Chain Security Maturity**: Sophistication of cross-chain security measures +5. 
**DeFi-Specific Security Maturity**: Advanced security for decentralized finance + +## Building a Security-Conscious Culture + +Fostering an organizational culture that values and prioritizes security. + +### Key Components + +1. **Leadership Support**: Visible commitment to security from leadership +2. **Clear Expectations**: Defined security responsibilities for all roles +3. **Positive Reinforcement**: Recognition for good security practices +4. **Continuous Learning**: Ongoing security education and awareness +5. **Open Communication**: Encouraging reporting of security concerns + +### Implementation Steps + +1. Secure visible support from organizational leadership +2. Integrate security into organizational values and principles +3. Implement recognition programs for security contributions +4. Provide regular security updates and awareness materials +5. Create safe channels for reporting security concerns +6. Lead by example through leadership security practices + +### Web3-Specific Cultural Considerations + +1. **Balancing Transparency and Security**: Finding the right balance in open communities +2. **Security in Decentralized Teams**: Building security culture across distributed teams +3. **Community Security Engagement**: Involving the wider community in security efforts +4. **Security-Conscious Development Culture**: Integrating security into development practices +5. **Responsible Disclosure Culture**: Fostering appropriate vulnerability disclosure + +Continuous improvement in security requires a systematic approach to learning, measuring, and adapting. By implementing robust metrics, assessment processes, and a culture of security awareness, organizations can evolve their security practices to address emerging threats and changing environments. \ No newline at end of file diff --git a/src/opsec/control-domains.md b/src/opsec/control-domains.md new file mode 100644 index 00000000..d55aff72 --- /dev/null +++ b/src/opsec/control-domains.md 
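Review bot: The three timing KPIs (`Time to Detect`, `Time to Respond`, `Mean Time to Recovery`) are listed without the events that start and stop each clock, and only the third is stated as a mean, so two teams applying this page would not produce comparable baselines in Implementation Step 2. Suggest stating the boundaries next to each metric, e.g. detection from first malicious activity (as established in the post-mortem) to first alert, response from alert to containment, recovery from containment to verified restoration, and using one aggregation (mean or median) for all three. `Security Incidents: Number and severity of security events` likewise needs to say which severity scale is meant; pointing it at the severity assigned in the Identification phase of the incident response procedure would keep the count consistent with how incidents are actually handled.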
@@ -0,0 +1,53 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Control Domains + +Operational security controls are organized into domains that address different aspects of security. This section provides an overview of these domains and how they work together to create a comprehensive security posture. + +## Introduction to Control Domains + +Security controls are safeguards or countermeasures designed to protect the confidentiality, integrity, and availability of information and systems. Organizing these controls into domains helps ensure comprehensive coverage across different aspects of security. + +The primary control domains in operational security are: + +1. **Organizational Controls**: Policies, governance, and management structures +2. **People & Personnel Controls**: Security measures related to human behavior and awareness +3. **Physical & Environmental Controls**: Protection of physical assets and environments +4. **Technical & Digital Controls**: Security measures for systems, networks, and data + +## Implementing a Balanced Control Framework + +Effective operational security requires a balanced approach across all control domains: + +1. **Layered Defense**: Implement controls across multiple domains to create defense in depth +2. **Risk-Based Approach**: Allocate resources based on risk assessment rather than implementing all possible controls +3. **Continuous Evaluation**: Regularly assess the effectiveness of controls against evolving threats +4. **Adaptability**: Adjust controls based on changes in technology, threats, and organizational needs + +## Control Selection and Implementation + +When selecting and implementing controls: + +1. **Identify Requirements**: Determine what needs to be protected and why +2. **Assess Current State**: Evaluate existing controls and identify gaps +3. **Select Appropriate Controls**: Choose controls based on risk assessment and organizational context +4. 
**Implement Systematically**: Deploy controls in a coordinated manner +5. **Monitor Effectiveness**: Regularly evaluate how well controls are working +6. **Improve Continuously**: Refine and enhance controls based on performance and changing needs + +## Web3-Specific Considerations + +In Web3 environments, control implementation must address unique challenges: + +1. **Decentralized Operations**: Implementing controls across distributed teams and systems +2. **Cryptocurrency Security**: Specialized controls for digital asset protection +3. **Smart Contract Security**: Controls specific to blockchain-based code +4. **Community Governance**: Balancing centralized security controls with decentralized governance + +The following sections detail the specific controls within each domain, providing guidance on implementation and best practices tailored to Web3 organizations. \ No newline at end of file diff --git a/src/opsec/control-domains/organizational.md b/src/opsec/control-domains/organizational.md new file mode 100644 index 00000000..e1c021e5 --- /dev/null +++ b/src/opsec/control-domains/organizational.md 
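Review bot: `The following sections detail the specific controls within each domain` points nowhere, and the four domains in the Introduction are plain bold text; since this commit adds `control-domains/organizational.md`, `control-domains/people.md`, `control-domains/physical-environmental.md` and `control-domains/technical.md`, each list item should link to its page, e.g. `1. **[Organizational Controls](./control-domains/organizational.md)**: Policies, governance, and management structures`. The Web3-Specific Considerations list would also be easier to act on if each item named the domain it belongs to (`Cryptocurrency Security` and `Smart Contract Security` under Technical & Digital, `Community Governance` under Organizational), matching the structure the page itself introduces.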
@@ -0,0 +1,99 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Organizational Controls + +Organizational controls form the foundation of an operational security program. These controls establish the governance structures, policies, and processes necessary to implement and maintain security throughout the organization. + +## Compliance & Regulatory Alignment + +Ensuring that security practices align with relevant regulations, standards, and industry best practices. + +### Key Components + +1. **Regulatory Identification**: Identifying applicable laws, regulations, and standards +2. **Compliance Mapping**: Aligning security controls with compliance requirements +3. **Gap Assessment**: Evaluating compliance status and identifying deficiencies +4. **Remediation Planning**: Developing plans to address compliance gaps +5. **Continuous Monitoring**: Regularly assessing compliance status + +### Implementation Steps + +1. Identify and document all applicable regulatory requirements +2. Map requirements to specific security controls and policies +3. Conduct regular compliance assessments +4. Develop and implement remediation plans for identified gaps +5. Maintain documentation of compliance activities and status +6. Stay informed about changes to regulatory requirements + +### Web3-Specific Considerations + +1. **Regulatory Uncertainty**: Navigate evolving regulations specific to blockchain and cryptocurrency +2. **Cross-Jurisdictional Compliance**: Address requirements across multiple jurisdictions +3. **Token Classification**: Understand securities laws and regulations that may apply to tokens +4. **AML/KYC Requirements**: Implement appropriate controls where required by law +5. **Data Protection**: Comply with privacy regulations while leveraging blockchain transparency + +## Supply-Chain Security + +Managing security risks associated with vendors, suppliers, and other third parties in your supply chain. 
+ +### Key Components + +1. **Vendor Risk Assessment**: Evaluating the security posture of potential vendors +2. **Security Requirements**: Establishing security expectations for vendors +3. **Contractual Controls**: Including security requirements in contracts +4. **Ongoing Monitoring**: Regularly assessing vendor security compliance +5. **Incident Response Coordination**: Coordinating with vendors during security incidents + +### Implementation Steps + +1. Develop a vendor security assessment methodology +2. Establish security requirements based on the sensitivity of data and systems accessed +3. Include security clauses in contracts and agreements +4. Implement a process for regular vendor security reviews +5. Develop procedures for addressing vendor security concerns +6. Create incident response plans that include vendor coordination + +### Web3-Specific Considerations + +1. **Code Dependencies**: Assess security of open-source libraries and components +2. **Smart Contract Auditors**: Evaluate and select qualified auditors for code review +3. **Node Operators**: Assess security of infrastructure providers and node operators +4. **Blockchain Integration**: Evaluate security of bridges, oracles, and other blockchain integrations +5. **Wallet Providers**: Assess security of wallet solutions and key management services + +## Organizational Structure & Roles + +Establishing clear security responsibilities and accountability throughout the organization. + +### Key Components + +1. **Security Governance**: Defining how security decisions are made +2. **Roles and Responsibilities**: Clearly defining security responsibilities +3. **Separation of Duties**: Ensuring no single person has excessive control +4. **Escalation Paths**: Establishing clear processes for raising security concerns +5. **Security Team Structure**: Organizing security personnel effectively + +### Implementation Steps + +1. Define and document security roles and responsibilities +2. 
Implement separation of duties for critical functions +3. Establish security decision-making processes +4. Create clear escalation procedures for security issues +5. Ensure security representation in key decision-making bodies + +### Web3-Specific Considerations + +1. **Decentralized Teams**: Implement security governance in distributed organizations +2. **Multi-Signature Control**: Establish clear roles for multi-signature key holders +3. **Community Governance**: Balance security with community-driven decision making +4. **Pseudonymous Contributors**: Develop trust models for pseudonymous team members +5. **DAO Structures**: Integrate security governance into decentralized autonomous organizations + +Effective organizational controls provide the structure needed to implement and maintain operational security throughout your organization. By establishing clear governance, compliance processes, and supply chain controls, you create a foundation for all other security measures. \ No newline at end of file diff --git a/src/opsec/control-domains/organizational/compliance-regulatory-alignment.md b/src/opsec/control-domains/organizational/compliance-regulatory-alignment.md new file mode 100644 index 00000000..e3bf8d9a --- /dev/null +++ b/src/opsec/control-domains/organizational/compliance-regulatory-alignment.md @@ -0,0 +1 @@ +# Compliance & regulatory alignment diff --git a/src/opsec/control-domains/organizational/supply-chain-security.md b/src/opsec/control-domains/organizational/supply-chain-security.md new file mode 100644 index 00000000..9bc7f3bb --- /dev/null +++ b/src/opsec/control-domains/organizational/supply-chain-security.md @@ -0,0 +1 @@ +# Supply-chain security diff --git a/src/opsec/control-domains/people.md b/src/opsec/control-domains/people.md new file mode 100644 index 00000000..48df4911 --- /dev/null +++ b/src/opsec/control-domains/people.md 
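Review bot: `compliance-regulatory-alignment.md` and `supply-chain-security.md` are added as one-line heading stubs while `organizational.md` already carries the full text of both sections, and the third section, `Organizational Structure & Roles`, gets no stub at all; either move each section's body into its stub (leaving a summary and link in `organizational.md`) or drop the stubs from this commit so navigation never lands on an empty page. On the Supply-Chain Security section itself: the six Implementation Steps are all about vendors, yet the Web3 consideration `Code Dependencies: Assess security of open-source libraries and components` is the supply-chain risk a smart-contract project meets daily; suggest a step covering pinned dependency versions with a committed lockfile, integrity checks on fetched packages and build artifacts, and review of dependency updates before they reach a deployment.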
@@ -0,0 +1,126 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# People & Personnel Controls + +People are both the greatest asset and potentially the greatest vulnerability in any security program. This section outlines controls to mitigate human-related security risks while fostering a security-aware culture. + +## Social-Engineering Defense + +Protecting against attacks that manipulate people to divulge confidential information or perform actions that compromise security. + +### Key Components + +1. **Awareness Training**: Educating team members about social engineering tactics +2. **Attack Simulation**: Conducting controlled social engineering exercises +3. **Verification Procedures**: Establishing processes to verify requestor identity +4. **Reporting Mechanisms**: Creating clear channels for reporting suspicious activities +5. **Response Protocols**: Developing procedures for handling potential social engineering incidents + +### Implementation Steps + +1. Develop targeted training on common social engineering tactics +2. Implement regular phishing simulations and other controlled tests +3. Establish protocols for verifying requests for sensitive information or actions +4. Create and communicate clear procedures for reporting suspicious activities +5. Regularly update training and awareness materials based on current threats + +### Web3-Specific Considerations + +1. **Community Channels**: Address social engineering in Discord, Telegram, and other platforms +2. **Crypto-Specific Scams**: Educate about common scams like fake airdrops and giveaways +3. **Impersonation**: Train team members to verify identity through secure channels +4. **Public Information**: Consider the risks of publicly available information about team members +5. 
**Multiple Communication Channels**: Establish out-of-band verification for critical actions + +## Insider-Threat Mitigation + +Addressing risks posed by team members who may intentionally or unintentionally compromise security. + +### Key Components + +1. **Access Controls**: Implementing least privilege and separation of duties +2. **Monitoring**: Establishing appropriate monitoring of user activities +3. **Onboarding/Offboarding**: Securing processes for adding and removing team members +4. **Behavior Analytics**: Identifying unusual activities that may indicate threats +5. **Response Procedures**: Developing protocols for addressing potential insider threats + +### Implementation Steps + +1. Implement robust access controls based on the principle of least privilege +2. Establish monitoring for critical systems and sensitive data access +3. Develop and enforce secure onboarding and offboarding procedures +4. Create guidelines for identifying and reporting concerning behaviors +5. Establish response procedures that balance security with privacy and legal considerations + +### Web3-Specific Considerations + +1. **Key Management**: Implement controls for those with access to private keys +2. **Multi-Signature Requirements**: Use multi-signature arrangements for critical operations +3. **Distributed Teams**: Address insider threat risks in remote and distributed teams +4. **Pseudonymous Contributors**: Develop trust models for pseudonymous team members +5. **Financial Incentives**: Consider unique incentives related to cryptocurrency holdings + +## Security Training & Culture + +Building a culture where security is valued and integrated into daily operations. + +### Key Components + +1. **Security Awareness Program**: Comprehensive training on security principles +2. **Role-Based Training**: Specialized training based on job responsibilities +3. **Security Champions**: Designated representatives who promote security within teams +4. 
**Continuous Learning**: Ongoing education about emerging threats +5. **Positive Reinforcement**: Recognizing and rewarding security-conscious behavior + +### Implementation Steps + +1. Develop a comprehensive security awareness program +2. Implement role-specific security training for different functions +3. Establish a security champions program to promote security within teams +4. Create a continuous learning program with regular updates on new threats +5. Develop recognition programs for security-conscious behaviors and reporting +6. Integrate security into performance evaluations and team objectives + +### Web3-Specific Considerations + +1. **Crypto-Specific Training**: Educate on unique aspects of blockchain security +2. **Open-Source Mindset**: Balance security with transparency in an open-source culture +3. **Decentralized Teams**: Deliver effective training across distributed organizations +4. **Rapidly Evolving Threats**: Keep training current with fast-changing Web3 threats +5. **Community Education**: Extend security awareness to community members and users + +## Personnel Security Measures + +Ensuring appropriate security controls throughout the employment lifecycle. + +### Key Components + +1. **Pre-Employment Screening**: Appropriate background checks and verification +2. **Security Agreements**: Confidentiality and acceptable use policies +3. **Clear Expectations**: Defined security responsibilities for all roles +4. **Performance Management**: Integration of security into performance evaluation +5. **Termination Procedures**: Secure processes for departing team members + +### Implementation Steps + +1. Implement appropriate pre-employment screening procedures +2. Develop and require security agreements for all team members +3. Clearly document security responsibilities in job descriptions +4. Include security considerations in performance evaluations +5. Establish and enforce secure termination procedures + +### Web3-Specific Considerations + +1. 
**Pseudonymous Contributors**: Develop alternative verification approaches +2. **Global Teams**: Navigate screening challenges across different jurisdictions +3. **Community Contributors**: Address security for non-employee contributors +4. **DAO Participants**: Establish security expectations in decentralized organizations +5. **Key Recovery**: Implement procedures for key recovery when team members depart + +Effective people and personnel controls recognize that security is fundamentally a human issue. By addressing social engineering, insider threats, and security awareness, organizations can transform their people from potential vulnerabilities into a critical line of defense. \ No newline at end of file diff --git a/src/opsec/control-domains/people/insider-threat-mitigation.md b/src/opsec/control-domains/people/insider-threat-mitigation.md new file mode 100644 index 00000000..48449acd --- /dev/null +++ b/src/opsec/control-domains/people/insider-threat-mitigation.md @@ -0,0 +1 @@ +# Insider-threat mitigation diff --git a/src/opsec/control-domains/people/security-training-culture.md b/src/opsec/control-domains/people/security-training-culture.md new file mode 100644 index 00000000..ba726671 --- /dev/null +++ b/src/opsec/control-domains/people/security-training-culture.md @@ -0,0 +1 @@ +# Security training & culture diff --git a/src/opsec/control-domains/people/social-engineering-defense.md b/src/opsec/control-domains/people/social-engineering-defense.md new file mode 100644 index 00000000..78f341ed --- /dev/null +++ b/src/opsec/control-domains/people/social-engineering-defense.md @@ -0,0 +1 @@ +# Social-engineering defense diff --git a/src/opsec/control-domains/physical-environmental.md b/src/opsec/control-domains/physical-environmental.md new file mode 100644 index 00000000..f41bdbeb --- /dev/null +++ b/src/opsec/control-domains/physical-environmental.md 
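Review bot: Implementation Step 5 in Personnel Security Measures (`Establish and enforce secure termination procedures`) and Step 3 in Insider-Threat Mitigation (`secure onboarding and offboarding procedures`) never say what a Web3 offboarding has to cover, even though Web3 consideration 5, `Key Recovery: Implement procedures for key recovery when team members depart`, depends on it; suggest listing the concrete actions: remove the departing member as a signer on every multi-signature wallet and re-check the thresholds still hold, rotate any shared secrets or API keys they held, revoke access to signing devices, and record the change in the ceremony documentation. The three one-line stubs (`insider-threat-mitigation.md`, `security-training-culture.md`, `social-engineering-defense.md`) duplicate section titles whose text is already complete in `people.md`, and `Personnel Security Measures` has no stub; moving the section bodies into the stubs, or leaving the stubs out of this commit, avoids empty pages in the navigation.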
@@ -0,0 +1,114 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Physical & Environmental Controls + +Physical security is a crucial component of operational security that is often overlooked in digital-focused organizations. This section covers controls to protect physical assets, secure workspaces, and address travel security concerns. + +## Secure Workspace & Travel Security + +Implementing controls to secure physical work environments and protect team members while traveling. + +### Secure Workspace Components + +1. **Physical Access Controls**: Restricting access to facilities and sensitive areas +2. **Visitor Management**: Procedures for handling visitors and contractors +3. **Clean Desk Policy**: Guidelines for securing sensitive information when not in use +4. **Environmental Monitoring**: Detection of environmental threats (fire, water, etc.) +5. **Equipment Security**: Physical protection of hardware and devices + +### Implementation Steps for Workspace Security + +1. Implement appropriate physical access controls based on sensitivity +2. Establish visitor management procedures and logging +3. Develop and enforce clean desk and clear screen policies +4. Implement environmental monitoring and response procedures +5. Secure hardware with appropriate physical controls (locks, alarms, etc.) + +### Travel Security Components + +1. **Pre-Travel Assessment**: Evaluating security risks at destinations +2. **Secure Travel Practices**: Guidelines for secure behavior while traveling +3. **Device Security**: Protecting devices and data during travel +4. **Emergency Response**: Procedures for handling security incidents while traveling +5. **Post-Travel Measures**: Actions to take after returning from high-risk locations + +### Implementation Steps for Travel Security + +1. Develop pre-travel risk assessment procedures +2. Create travel security guidelines for different risk levels +3. 
Implement technical controls for devices used during travel +4. Establish emergency response procedures for travelers +5. Develop and enforce post-travel security measures where appropriate + +### Web3-Specific Considerations + +1. **Remote-First Organizations**: Addressing physical security in distributed teams +2. **Hardware Wallets**: Securing cryptocurrency hardware devices +3. **Conference Security**: Protecting team members at industry events +4. **Pseudonymous Team Members**: Balancing privacy with physical security needs +5. **Doxxing Risks**: Protecting team members from having personal information exposed + +## Tamper-Evidence & "Evil-Maid" Attacks + +Protecting against physical tampering with devices and equipment, especially when left unattended. + +### Key Components + +1. **Tamper-Evident Measures**: Physical indicators of device tampering +2. **Device Integrity Verification**: Methods to verify device has not been compromised +3. **Secure Storage**: Protected storage for sensitive devices when not in use +4. **Device Handling Procedures**: Guidelines for maintaining device chain of custody +5. **Response Procedures**: Actions to take when tampering is suspected + +### Implementation Steps + +1. Implement tamper-evident measures for sensitive devices (seals, markers, etc.) +2. Establish procedures for verifying device integrity after periods of absence +3. Provide secure storage options for devices when not in use +4. Develop clear device handling procedures +5. Create response plans for suspected tampering incidents +6. Train team members on tamper detection and response + +### Web3-Specific Considerations + +1. **Hardware Wallet Security**: Protecting cryptocurrency hardware devices +2. **Cold Storage**: Physical security for offline key storage +3. **Seed Phrase Protection**: Secure storage of recovery phrases +4. **Air-Gapped Systems**: Maintaining security of isolated systems +5. 
**Physical Backup Security**: Protecting backup storage media + +## Physical Security of Critical Assets + +Protecting the physical security of servers, network equipment, and other critical infrastructure. + +### Key Components + +1. **Asset Inventory**: Cataloging and tracking physical assets +2. **Secure Facilities**: Protected locations for critical infrastructure +3. **Environmental Controls**: Protection against environmental threats +4. **Maintenance Procedures**: Secure processes for equipment maintenance +5. **Disposal Procedures**: Secure disposal of equipment and media + +### Implementation Steps + +1. Maintain a comprehensive inventory of physical assets +2. Implement appropriate physical security controls for facilities +3. Deploy environmental monitoring and protection systems +4. Establish secure maintenance procedures +5. Develop and enforce secure disposal procedures for equipment and media + +### Web3-Specific Considerations + +1. **Node Security**: Physical protection of blockchain nodes +2. **Validator Security**: Enhanced protection for validator infrastructure +3. **Redundancy Planning**: Physical distribution of backup systems +4. **Hardware Security Modules**: Physical protection of HSMs +5. **Key Ceremony Security**: Physical controls for key generation events + +Effective physical and environmental security controls address risks that are often overlooked in digital-focused organizations. By implementing appropriate physical protections, organizations can prevent attacks that bypass technical controls through physical access or tampering. \ No newline at end of file diff --git a/src/opsec/control-domains/physical-environmental/secure-workspace-travel.md b/src/opsec/control-domains/physical-environmental/secure-workspace-travel.md new file mode 100644 index 00000000..170f1a30 --- /dev/null +++ b/src/opsec/control-domains/physical-environmental/secure-workspace-travel.md @@ -0,0 +1 @@ +# Secure workspace & travel security 
diff --git a/src/opsec/control-domains/physical-environmental/tamper-evidence.md b/src/opsec/control-domains/physical-environmental/tamper-evidence.md new file mode 100644 index 00000000..9603469d --- /dev/null +++ b/src/opsec/control-domains/physical-environmental/tamper-evidence.md @@ -0,0 +1 @@ +# Tamper-evidence & "evil-maid" diff --git a/src/opsec/control-domains/technical.md b/src/opsec/control-domains/technical.md new file mode 100644 index 00000000..cf1bb154 --- /dev/null +++ b/src/opsec/control-domains/technical.md 
@@ -0,0 +1,158 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Technical & Digital Controls + +Technical controls form the backbone of operational security, protecting systems, networks, and data from digital threats. This section outlines key technical controls that should be implemented as part of a comprehensive security program. + +## Device Hardening + +Securing devices by minimizing attack surfaces and implementing defensive configurations. + +### Key Components + +1. **Secure Configuration Baselines**: Standardized secure configurations for different device types +2. **Endpoint Protection**: Anti-malware, application control, and other protective tools +3. **OS Hardening**: Removing unnecessary services and securing operating systems +4. **Patch Management**: Keeping systems updated with security patches +5. **Local Firewall**: Controlling network connections at the device level + +### Implementation Steps + +1. Develop secure configuration baselines for each device type +2. Implement endpoint protection solutions on all devices +3. Remove or disable unnecessary services, applications, and features +4. Establish an effective patch management process +5. Configure local firewalls with appropriate rules +6. Regularly scan for compliance with security baselines + +### Web3-Specific Considerations + +1. **Development Environments**: Securing environments used for smart contract development +2. **Cold Storage Systems**: Hardening systems used for cryptocurrency key management +3. **Transaction Signing Devices**: Enhanced security for devices used to sign transactions +4. **Node Operation**: Specialized hardening for blockchain node infrastructure +5. **Testing Environments**: Securing environments used for contract testing and simulation + +## Network & Communication Security + +Protecting data in transit and securing network infrastructure against attacks. + +### Key Components + +1. 
**Network Segmentation**: Dividing networks into security zones +2. **Encrypted Communications**: Protecting data transmitted over networks +3. **Secure Remote Access**: VPN and other secure access solutions +4. **Network Monitoring**: Detecting suspicious network activity +5. **Perimeter Security**: Firewalls, intrusion prevention, and other boundary protections + +### Implementation Steps + +1. Implement network segmentation based on security requirements +2. Deploy encryption for all sensitive communications +3. Establish secure remote access solutions with strong authentication +4. Implement network monitoring and traffic analysis +5. Deploy and properly configure perimeter security controls +6. Regularly test network security through vulnerability assessments and penetration testing + +### Web3-Specific Considerations + +1. **Node Communication**: Securing blockchain node communications +2. **API Security**: Protecting interfaces to blockchain services +3. **RPC Endpoint Protection**: Securing remote procedure call endpoints +4. **P2P Network Security**: Addressing risks in peer-to-peer networks +5. **MEV Protection**: Mitigating risks related to maximal extractable value + +## Encrypted Storage & Backups + +Protecting data at rest through encryption and secure backup strategies. + +### Key Components + +1. **Full-Disk Encryption**: Encrypting entire storage devices +2. **File-Level Encryption**: Protecting individual sensitive files +3. **Key Management**: Securely managing encryption keys +4. **Secure Backups**: Protecting backup data through encryption and access controls +5. **Recovery Testing**: Verifying the ability to restore from backups + +### Implementation Steps + +1. Implement full-disk encryption on all devices storing sensitive data +2. Deploy file-level encryption for particularly sensitive information +3. Establish secure key management processes with appropriate access controls +4. Implement encrypted and access-controlled backup solutions +5. 
Regularly test backup recovery processes +6. Store backup media securely with appropriate physical protections + +### Web3-Specific Considerations + +1. **Seed Phrase Backups**: Secure storage of wallet recovery information +2. **Multi-Location Backups**: Distributing backup data to prevent single points of failure +3. **Cold Storage Backups**: Offline backup strategies for critical keys +4. **Smart Contract Backups**: Preserving contract source code and deployment parameters +5. **Social Recovery Options**: Implementing secure social recovery systems for critical keys + +## Two-Factor & Hardware Authentication + +Strengthening authentication through multiple factors and hardware-based solutions. + +### Key Components + +1. **Multi-Factor Authentication**: Requiring multiple verification methods +2. **Hardware Security Keys**: Physical devices for authentication +3. **Biometric Authentication**: Using biological characteristics for verification +4. **Time-Based One-Time Passwords**: Temporary codes for authentication +5. **Single Sign-On Integration**: Centralizing and securing authentication + +### Implementation Steps + +1. Implement multi-factor authentication for all access to sensitive systems +2. Deploy hardware security keys for high-value accounts and systems +3. Establish backup authentication methods and recovery processes +4. Integrate MFA with single sign-on solutions where appropriate +5. Train users on proper use of authentication tools +6. Regularly audit authentication configurations and access + +### Web3-Specific Considerations + +1. **Hardware Wallets**: Using dedicated devices for cryptocurrency transactions +2. **Multi-Signature Setups**: Requiring multiple approvals for critical transactions +3. **Air-Gapped Signing**: Using offline devices for transaction signing +4. **Social Recovery**: Implementing secure key recovery through trusted contacts +5. 
**DApp Authentication**: Securing connections to decentralized applications + +## Cryptocurrency-Specific Controls + +Technical controls specifically designed to address the unique security challenges of cryptocurrency operations. + +### Key Components + +1. **Wallet Security**: Technical measures to secure cryptocurrency wallets +2. **Transaction Verification**: Processes to verify transaction details before signing +3. **Key Management**: Secure generation, storage, and use of cryptographic keys +4. **Blockchain Monitoring**: Tracking on-chain activity for anomalies +5. **Smart Contract Security**: Technical controls for secure contract interaction + +### Implementation Steps + +1. Implement appropriate wallet solutions based on security requirements +2. Establish transaction verification procedures with multiple checks +3. Deploy secure key management practices and technologies +4. Implement monitoring for blockchain transactions and activities +5. Develop secure processes for smart contract interaction +6. Regularly review and update cryptocurrency security controls + +### Web3-Specific Best Practices + +1. **Cold Storage**: Using offline systems for storing significant assets +2. **Multi-Signature Wallets**: Requiring multiple approvals for transactions +3. **Transaction Simulation**: Testing transactions before execution +4. **Gas Limit Setting**: Controlling transaction costs and preventing attacks +5. **Contract Interaction Verification**: Verifying contract behavior before approval + +Effective technical and digital controls provide a strong foundation for operational security. By implementing comprehensive device, network, data, and authentication protections, organizations can significantly reduce their attack surface and better protect their digital assets. \ No newline at end of file 
diff --git a/src/opsec/control-domains/technical/cryptocurrency-controls.md b/src/opsec/control-domains/technical/cryptocurrency-controls.md new file mode 100644 index 00000000..a8f2c7ae --- /dev/null +++ b/src/opsec/control-domains/technical/cryptocurrency-controls.md @@ -0,0 +1 @@ +# Cryptocurrency-specific controls diff --git a/src/opsec/control-domains/technical/device-hardening.md b/src/opsec/control-domains/technical/device-hardening.md new file mode 100644 index 00000000..007d034f --- /dev/null +++ b/src/opsec/control-domains/technical/device-hardening.md @@ -0,0 +1 @@ +# Device hardening diff --git a/src/opsec/control-domains/technical/encrypted-storage-backups.md b/src/opsec/control-domains/technical/encrypted-storage-backups.md new file mode 100644 index 00000000..36adcf84 --- /dev/null +++ b/src/opsec/control-domains/technical/encrypted-storage-backups.md @@ -0,0 +1 @@ +# Encrypted storage & backups diff --git a/src/opsec/control-domains/technical/network-communication-security.md b/src/opsec/control-domains/technical/network-communication-security.md new file mode 100644 index 00000000..a9196399 --- /dev/null +++ b/src/opsec/control-domains/technical/network-communication-security.md @@ -0,0 +1 @@ +# Network & communication security diff --git a/src/opsec/control-domains/technical/two-factor-hardware-auth.md b/src/opsec/control-domains/technical/two-factor-hardware-auth.md new file mode 100644 index 00000000..719bbcc3 --- /dev/null +++ b/src/opsec/control-domains/technical/two-factor-hardware-auth.md @@ -0,0 +1 @@ +# Two-factor & hardware authentication diff --git a/src/opsec/governance-program-management.md b/src/opsec/governance-program-management.md new file mode 100644 index 00000000..5c872f7d --- /dev/null +++ b/src/opsec/governance-program-management.md 
@@ -0,0 +1,81 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Governance & Program Management + +Effective operational security requires a structured approach to governance and program management. This section outlines how to establish and maintain security policies, roles, and responsibilities within your organization. + +## Security Policies & Roles + +Security policies provide the foundation for an organization's security posture, while clearly defined roles ensure accountability and proper implementation of those policies. + +### Key Security Policies + +1. **Information Security Policy**: The overarching policy that defines the organization's approach to information security +2. **Acceptable Use Policy**: Guidelines for appropriate use of organizational resources +3. **Access Control Policy**: Rules for granting, reviewing, and revoking access to systems and data +4. **Incident Response Policy**: Procedures for identifying, reporting, and responding to security incidents +5. **Data Classification Policy**: Framework for categorizing data based on sensitivity and criticality +6. **Password Policy**: Requirements for password complexity, rotation, and management +7. **Remote Work Policy**: Security requirements for team members working remotely + +### Essential Security Roles + +1. **Security Lead/Officer**: Oversees the security program and strategy +2. **Security Champions**: Representatives from different teams who advocate for security +3. **Incident Response Team**: Individuals responsible for handling security incidents +4. **Policy Owners**: Those responsible for developing and maintaining specific policies +5. **Compliance Manager**: Ensures adherence to relevant regulations and standards + +### Implementation Steps + +1. Develop policies that align with your organization's risk profile and regulatory requirements +2. Ensure policies are clear, concise, and accessible to all team members +3. 
Define roles and responsibilities with specific accountability metrics +4. Provide training to ensure understanding of policies and roles +5. Regularly review and update policies to address emerging threats and changes in the organization + +## Third-Party/Vendor Governance + +Managing security risks associated with third-party vendors and partners is critical for maintaining a strong security posture. + +### Key Components + +1. **Vendor Risk Assessment**: Process for evaluating the security posture of potential vendors +2. **Security Requirements**: Clear security expectations for vendors accessing or processing your data +3. **Contractual Safeguards**: Security and privacy clauses in vendor contracts +4. **Ongoing Monitoring**: Continuous assessment of vendor security practices +5. **Incident Response Coordination**: Procedures for joint handling of security incidents + +### Implementation Steps + +1. Develop a vendor classification system based on the criticality of services and data access +2. Establish minimum security requirements for each vendor category +3. Implement a formal vendor onboarding process that includes security assessments +4. Regularly audit high-risk vendors for compliance with security requirements +5. Develop procedures for addressing security concerns with vendors + +## Web3-Specific Considerations + +In Web3 environments, governance and program management must address unique challenges: + +1. **Decentralized Teams**: Managing security across geographically distributed teams, often with contractors or part-time contributors +2. **Open-Source Components**: Governance of security for open-source dependencies and contributions +3. **DAO Structures**: Aligning security governance with decentralized autonomous organization models +4. **Regulatory Uncertainty**: Navigating evolving regulatory landscapes in different jurisdictions +5. 
**Community Involvement**: Balancing community participation with centralized security oversight + +### Best Practices for Web3 Organizations + +1. Implement security governance that complements rather than conflicts with decentralized structures +2. Clearly define security responsibilities, particularly for critical functions like treasury management +3. Develop policies that address Web3-specific risks like private key management and smart contract deployments +4. Create transparent security reporting channels that align with community values +5. Establish clear incident response protocols that consider the public nature of blockchain activities + +Effective governance and program management provide the structure needed to implement operational security measures consistently across your organization, adapting traditional approaches to the unique challenges of Web3 environments. diff --git a/src/opsec/governance/security-policies-roles.md b/src/opsec/governance/security-policies-roles.md new file mode 100644 index 00000000..84081ab2 --- /dev/null +++ b/src/opsec/governance/security-policies-roles.md @@ -0,0 +1 @@ +# Security policies & roles diff --git a/src/opsec/governance/third-party-vendor-governance.md b/src/opsec/governance/third-party-vendor-governance.md new file mode 100644 index 00000000..f26c18b7 --- /dev/null +++ b/src/opsec/governance/third-party-vendor-governance.md @@ -0,0 +1 @@ +# Third-party/vendor governance diff --git a/src/opsec/improvement/post-mortem.md b/src/opsec/improvement/post-mortem.md new file mode 100644 index 00000000..8826e4f1 --- /dev/null +++ b/src/opsec/improvement/post-mortem.md @@ -0,0 +1 @@ +# Post-Mortem & Lessons Learned diff --git a/src/opsec/improvement/security-kpis.md b/src/opsec/improvement/security-kpis.md new file mode 100644 index 00000000..d2f3bf08 --- /dev/null +++ b/src/opsec/improvement/security-kpis.md @@ -0,0 +1 @@ +# Security KPIs & Reporting 
diff --git a/src/opsec/incident-response-recovery.md b/src/opsec/incident-response-recovery.md new file mode 100644 index 00000000..af6f98b3 --- /dev/null +++ b/src/opsec/incident-response-recovery.md 
@@ -0,0 +1,170 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Incident Response & Recovery + +Even with strong security controls, incidents can occur. This section outlines how to prepare for, respond to, and recover from security incidents effectively. + +## Playbooks for Common Incidents + +Predefined procedures for responding to specific types of security incidents help ensure consistent and effective responses. + +### Device Loss or Theft + +1. **Immediate Actions**: + - Report the incident to security team + - Remotely wipe device if possible + - Change passwords for accounts accessible from the device + - Revoke authentication tokens and certificates + +2. **Investigation Steps**: + - Determine what data was on the device + - Assess potential access to systems and accounts + - Review logs for any access after loss/theft + +3. **Recovery Actions**: + - Issue replacement device with clean installation + - Restore necessary data from backups + - Document the incident and update procedures if needed + +### Account Compromise + +1. **Immediate Actions**: + - Isolate the affected account + - Reset credentials and revoke sessions + - Review activity for signs of lateral movement + - Notify relevant stakeholders + +2. **Investigation Steps**: + - Determine the attack vector (phishing, credential stuffing, etc.) + - Identify all actions taken by the attacker + - Assess impact on data and systems + +3. **Recovery Actions**: + - Implement additional security controls + - Restore affected systems to known good state + - Conduct security awareness training if needed + +### Malware Infection + +1. **Immediate Actions**: + - Isolate affected systems from the network + - Preserve evidence for analysis + - Activate incident response team + - Notify relevant stakeholders + +2. 
**Investigation Steps**: + - Identify the malware type and capabilities + - Determine the infection vector + - Assess the scope of the infection + - Identify data and systems potentially affected + +3. **Recovery Actions**: + - Clean or reimage affected systems + - Restore data from clean backups + - Implement additional security controls + - Update anti-malware signatures and protections + +### Web3-Specific Incidents + +#### Private Key Compromise + +1. **Immediate Actions**: + - Transfer assets to secure wallets if possible + - Revoke permissions associated with the key + - Notify relevant stakeholders + +2. **Investigation Steps**: + - Determine how the key was compromised + - Review blockchain transactions for unauthorized activity + - Assess impact on assets and systems + +3. **Recovery Actions**: + - Generate new keys using secure procedures + - Update key management practices + - Conduct security awareness training if needed + +#### Smart Contract Exploit + +1. **Immediate Actions**: + - Pause contract functions if possible + - Alert users and stakeholders + - Implement circuit breaker if available + +2. **Investigation Steps**: + - Analyze the exploit and vulnerability + - Assess impact on assets and users + - Determine remediation options + +3. **Recovery Actions**: + - Deploy fixed contract + - Implement recovery plan for affected assets + - Update development and testing procedures + +## Containment, Eradication & Recovery Steps + +General process for responding to security incidents regardless of type. + +### Containment + +Limiting the impact and spread of the incident. + +1. **Immediate Containment**: Taking urgent actions to stop the incident from spreading +2. **Evidence Preservation**: Capturing necessary information for investigation +3. **Communication Control**: Managing information flow about the incident +4. 
**Stakeholder Notification**: Informing those who need to know about the incident + +### Eradication + +Removing the cause of the incident. + +1. **Root Cause Identification**: Determining how the incident occurred +2. **Threat Removal**: Eliminating malware, vulnerabilities, or other causes +3. **Verification**: Ensuring the threat has been completely removed +4. **Enhanced Monitoring**: Implementing additional monitoring to detect reoccurrence + +### Recovery + +Restoring systems and operations to normal. + +1. **Staged Restoration**: Gradually restoring systems in order of priority +2. **Security Validation**: Verifying security controls before full restoration +3. **Operational Verification**: Ensuring systems function correctly +4. **User Notification**: Informing users when systems are restored + +## Web3-Specific Considerations + +Incident response in Web3 environments requires additional considerations: + +1. **Immutability Challenges**: Addressing the irreversible nature of blockchain transactions +2. **Community Communication**: Managing public disclosure in decentralized communities +3. **Cross-Chain Impacts**: Addressing incidents that affect multiple blockchains +4. **Governance Activation**: Utilizing governance mechanisms for incident response +5. **Post-Incident Compensation**: Developing approaches for making affected users whole + +## Documentation and Reporting + +Maintaining appropriate records throughout the incident response process. + +1. **Incident Timeline**: Documenting the sequence of events and actions taken +2. **Evidence Collection**: Preserving relevant logs, artifacts, and other evidence +3. **Impact Assessment**: Documenting the effects of the incident +4. **Response Evaluation**: Assessing the effectiveness of the response +5. **Formal Reporting**: Creating required reports for management, regulators, or others + +## Post-Incident Activities + +Actions to take after an incident has been resolved. + +1. 
**Lessons Learned**: Identifying what worked well and what could be improved +2. **Control Updates**: Implementing new or enhanced security controls +3. **Procedure Refinement**: Updating incident response procedures +4. **Training Updates**: Incorporating lessons into security training +5. **Threat Intelligence Sharing**: Contributing to community knowledge when appropriate + +Effective incident response requires preparation, practice, and continuous improvement. By developing comprehensive playbooks and procedures, organizations can respond quickly and effectively to security incidents, minimizing their impact and facilitating rapid recovery. \ No newline at end of file diff --git a/src/opsec/incident-response/containment-recovery.md b/src/opsec/incident-response/containment-recovery.md new file mode 100644 index 00000000..3b1553db --- /dev/null +++ b/src/opsec/incident-response/containment-recovery.md @@ -0,0 +1 @@ +# Containment, Eradication & Recovery diff --git a/src/opsec/incident-response/playbooks.md b/src/opsec/incident-response/playbooks.md new file mode 100644 index 00000000..1f094446 --- /dev/null +++ b/src/opsec/incident-response/playbooks.md @@ -0,0 +1 @@ +# Playbooks diff --git a/src/opsec/integration.md b/src/opsec/integration.md new file mode 100644 index 00000000..1aeb97d6 --- /dev/null +++ b/src/opsec/integration.md 
@@ -0,0 +1,158 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Integration & Mapping to Other Frameworks + +Operational security does not exist in isolation but interacts with and complements other security frameworks and practices. This section outlines how to integrate OpSec with other security domains and frameworks. + +## DevSecOps Alignment + +Integrating operational security with development, security, and operations practices. + +### Key Integration Points + +1. **Secure Development Lifecycle**: Incorporating OpSec principles into the development process +2. **Infrastructure as Code Security**: Applying OpSec to infrastructure automation +3. **CI/CD Pipeline Security**: Securing continuous integration and deployment pipelines +4. **Security Automation**: Automating security controls and tests +5. **Feedback Loops**: Creating effective security feedback mechanisms + +### Implementation Steps + +1. Integrate security requirements into user stories and development tasks +2. Implement security gates in the CI/CD pipeline +3. Automate security testing and compliance verification +4. Establish shared security responsibilities across development and operations +5. Create security champions within development teams +6. Develop security playbooks for common development scenarios + +### Web3-Specific Considerations + +1. **Smart Contract Development**: Integrating security into contract development lifecycle +2. **Protocol Upgrades**: Secure processes for protocol upgrades and migrations +3. **Test Networks**: Security practices for testnet deployments +4. **Validator Operations**: Secure DevOps for validator infrastructure +5. **Node Deployment**: Security automation for node deployment and management + +## Privacy Framework Alignment + +Ensuring operational security supports and enhances privacy protections. + +### Key Integration Points + +1. **Data Minimization**: Collecting and retaining only necessary information +2. 
**Privacy by Design**: Incorporating privacy considerations in security controls +3. **Data Protection**: Securing personal and sensitive information +4. **Access Controls**: Limiting access to private information +5. **Transparency**: Clear communication about security and privacy practices + +### Implementation Steps + +1. Conduct privacy impact assessments for security controls +2. Implement privacy-enhancing technologies alongside security measures +3. Establish data classification that addresses both security and privacy +4. Develop policies that balance security needs with privacy rights +5. Create incident response procedures that respect privacy considerations +6. Implement security controls that protect privacy by default + +### Web3-Specific Considerations + +1. **On-Chain Privacy**: Balancing blockchain transparency with privacy needs +2. **Zero-Knowledge Proofs**: Implementing security for privacy-preserving technologies +3. **Pseudonymity Protection**: Securing pseudonymous identities +4. **Metadata Protection**: Addressing privacy risks from transaction metadata +5. **Private Transaction Security**: Security for confidential transaction mechanisms + +## Governance Framework Alignment + +Integrating operational security with organizational governance structures. + +### Key Integration Points + +1. **Risk Management**: Aligning security activities with enterprise risk management +2. **Compliance**: Ensuring security controls meet regulatory requirements +3. **Security Policies**: Developing and enforcing policies that support governance +4. **Oversight**: Establishing appropriate security oversight mechanisms +5. **Reporting**: Creating effective security reporting to governance bodies + +### Implementation Steps + +1. Map security controls to governance requirements and objectives +2. Integrate security risk assessments with enterprise risk management +3. Develop security metrics that support governance reporting needs +4. 
Establish clear security roles and responsibilities within governance structures +5. Create escalation paths for security issues requiring governance attention +6. Implement security compliance verification processes + +### Web3-Specific Considerations + +1. **DAO Governance**: Security integration with decentralized autonomous organizations +2. **Token-Based Governance**: Security considerations for token voting systems +3. **Multi-Signature Governance**: Security practices for multi-signature arrangements +4. **On-Chain Governance**: Security for on-chain governance mechanisms +5. **Regulatory Navigation**: Addressing evolving regulatory requirements + +## Mapping to Security Standards + +Aligning operational security practices with established security standards and frameworks. + +### Common Security Standards + +1. **ISO 27001**: Information security management systems +2. **NIST Cybersecurity Framework**: Protect, detect, respond, recover +3. **CIS Controls**: Prioritized security controls +4. **OWASP**: Web application security best practices +5. **SOC 2**: Trust services criteria for security, availability, and confidentiality + +### Implementation Steps + +1. Identify relevant standards based on organizational needs +2. Map existing security controls to standard requirements +3. Identify gaps requiring additional controls or processes +4. Implement controls to address identified gaps +5. Maintain documentation of standard alignment +6. Consider formal certification where beneficial + +### Web3-Specific Standards + +1. **Blockchain Security Framework**: Emerging standards for blockchain security +2. **Smart Contract Security Standard**: Best practices for contract security +3. **OWASP for Smart Contracts**: Adapting web security principles to contracts +4. **Token Security Standards**: Security standards for token implementations +5. 
**Cross-Chain Security Standards**: Emerging standards for cross-chain security + +## Creating a Unified Security Approach + +Developing a cohesive security strategy that integrates all relevant frameworks. + +### Key Components + +1. **Security Strategy Alignment**: Ensuring consistent security objectives across frameworks +2. **Unified Control Framework**: Developing a comprehensive set of security controls +3. **Integrated Assessment**: Conducting holistic security assessments +4. **Coordinated Improvement**: Aligning security improvement initiatives +5. **Shared Metrics**: Developing common security metrics across frameworks + +### Implementation Steps + +1. Create a security integration team with representatives from different domains +2. Develop a comprehensive security control framework that addresses all requirements +3. Implement integrated security assessment processes +4. Establish coordinated security improvement planning +5. Develop unified security dashboards and reporting +6. Create cross-domain security governance structures + +### Web3-Specific Considerations + +1. **Traditional-Web3 Security Integration**: Bridging conventional and blockchain security +2. **Multi-Chain Security**: Unified approaches across multiple blockchains +3. **Full-Stack Web3 Security**: Integrating security from smart contracts to front-end +4. **Hybrid Governance Models**: Security in mixed centralized/decentralized governance +5. **Ecosystem Security Collaboration**: Coordinating security across the ecosystem + +Effective integration of operational security with other frameworks creates a comprehensive security approach that addresses all aspects of an organization's security needs. By mapping controls, aligning processes, and coordinating improvements across frameworks, organizations can develop a cohesive security posture that is greater than the sum of its parts. \ No newline at end of file 
diff --git a/src/opsec/integration/devsecops.md b/src/opsec/integration/devsecops.md new file mode 100644 index 00000000..bd21e706 --- /dev/null +++ b/src/opsec/integration/devsecops.md @@ -0,0 +1 @@ +# DevSecOps Integration diff --git a/src/opsec/integration/governance.md b/src/opsec/integration/governance.md new file mode 100644 index 00000000..e908edd8 --- /dev/null +++ b/src/opsec/integration/governance.md @@ -0,0 +1 @@ +# Governance Alignment diff --git a/src/opsec/integration/privacy.md b/src/opsec/integration/privacy.md new file mode 100644 index 00000000..4831908c --- /dev/null +++ b/src/opsec/integration/privacy.md @@ -0,0 +1 @@ +# Privacy Framework Alignment diff --git a/src/opsec/lifecycle.md b/src/opsec/lifecycle.md new file mode 100644 index 00000000..110b9e10 --- /dev/null +++ b/src/opsec/lifecycle.md 
@@ -0,0 +1,107 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# OpSec Lifecycle + +The Operational Security Lifecycle provides a structured approach to implementing and maintaining security controls. This section outlines the key phases of this lifecycle and how they work together to create a comprehensive security program. + +## Overview of the OpSec Lifecycle + +The Operational Security Lifecycle consists of five interconnected phases: + +1. **Identify Information & Assets**: Determine what needs protection +2. **Threat Modeling & Analysis**: Identify potential threats +3. **Vulnerability Assessment**: Identify weaknesses that could be exploited +4. **Risk Assessment & Prioritization**: Evaluate and prioritize risks +5. **Countermeasure Selection & Implementation**: Deploy appropriate security controls + +This lifecycle is not a one-time process but rather a continuous cycle of assessment, implementation, and improvement. + +## Phase 1: Identify Information & Assets + +The first phase involves identifying the critical information and assets that require protection. This includes: + +- Sensitive data and information +- Critical systems and infrastructure +- Key personnel and their roles +- Operational processes and procedures +- Intellectual property and proprietary information + +By identifying what needs protection, organizations can focus their security efforts on their most valuable assets. + +## Phase 2: Threat Modeling & Analysis + +Once critical assets are identified, the next phase involves analyzing potential threats to those assets. This includes: + +- Identifying potential threat actors (hackers, insiders, competitors, etc.) 
+- Analyzing their capabilities, motivations, and methods +- Mapping potential attack vectors and scenarios +- Considering both technical and non-technical threats +- Evaluating the evolving threat landscape + +Effective threat modeling provides insights into the specific threats that an organization faces, enabling more targeted security measures. + +## Phase 3: Vulnerability Assessment + +The vulnerability assessment phase identifies weaknesses that could be exploited by threats. This includes: + +- Technical vulnerabilities in systems and applications +- Weaknesses in security processes and procedures +- Gaps in security awareness and training +- Physical security vulnerabilities +- Supply chain and third-party vulnerabilities + +By identifying vulnerabilities, organizations can understand where their defenses may be inadequate. + +## Phase 4: Risk Assessment & Prioritization + +The risk assessment phase evaluates the likelihood and potential impact of threats exploiting vulnerabilities. This includes: + +- Assessing the probability of successful attacks +- Evaluating the potential impact on operations, finances, and reputation +- Calculating risk levels based on likelihood and impact +- Prioritizing risks based on severity and resource constraints +- Considering risk acceptance, mitigation, transfer, or avoidance options + +Risk assessment enables organizations to focus their security resources on the most significant risks. + +## Phase 5: Countermeasure Selection & Implementation + +The final phase involves selecting and implementing security controls to address identified risks. 
This includes: + +- Choosing appropriate technical, procedural, and physical controls +- Implementing controls based on risk priorities +- Testing the effectiveness of implemented controls +- Training staff on new security measures +- Documenting the implementation and configuration of controls + +Effective countermeasure implementation transforms security planning into practical protection. + +## Continuous Improvement + +The OpSec Lifecycle is not a linear process but a continuous cycle of improvement: + +- Regular reassessment of assets, threats, vulnerabilities, and risks +- Monitoring the effectiveness of implemented controls +- Adapting to changes in the threat landscape and organizational environment +- Learning from security incidents and near-misses +- Updating security measures based on new technologies and best practices + +Through continuous improvement, organizations can maintain an effective security posture in the face of evolving threats. + +## Web3-Specific Considerations + +In Web3 environments, the OpSec Lifecycle must address unique considerations: + +- **Asset Identification**: Including cryptocurrency holdings, smart contracts, and private keys +- **Threat Modeling**: Addressing blockchain-specific threats like 51% attacks and MEV +- **Vulnerability Assessment**: Considering smart contract vulnerabilities and consensus mechanisms +- **Risk Assessment**: Evaluating the immutable nature of blockchain transactions +- **Countermeasures**: Implementing controls specific to cryptocurrency and blockchain operations + +By adapting the OpSec Lifecycle to these considerations, Web3 organizations can develop security programs that address their unique risk profiles. \ No newline at end of file diff --git a/src/opsec/lifecycle/countermeasures.md b/src/opsec/lifecycle/countermeasures.md new file mode 100644 index 00000000..d73202a4 --- /dev/null +++ b/src/opsec/lifecycle/countermeasures.md @@ -0,0 +1 @@ +# Countermeasure Selection & Implementation 
diff --git a/src/opsec/lifecycle/identify.md b/src/opsec/lifecycle/identify.md new file mode 100644 index 00000000..6bc0c3d1 --- /dev/null +++ b/src/opsec/lifecycle/identify.md @@ -0,0 +1 @@ +# Identify Information & Assets diff --git a/src/opsec/lifecycle/risk-prioritization.md b/src/opsec/lifecycle/risk-prioritization.md new file mode 100644 index 00000000..fa54d754 --- /dev/null +++ b/src/opsec/lifecycle/risk-prioritization.md @@ -0,0 +1 @@ +# Risk Assessment & Prioritization diff --git a/src/opsec/lifecycle/threat-modeling.md b/src/opsec/lifecycle/threat-modeling.md new file mode 100644 index 00000000..b86172d6 --- /dev/null +++ b/src/opsec/lifecycle/threat-modeling.md @@ -0,0 +1 @@ +# Threat Modeling & Analysis diff --git a/src/opsec/lifecycle/vulnerability-assessment.md b/src/opsec/lifecycle/vulnerability-assessment.md new file mode 100644 index 00000000..5855217b --- /dev/null +++ b/src/opsec/lifecycle/vulnerability-assessment.md @@ -0,0 +1 @@ +# Vulnerability Assessment diff --git a/src/opsec/monitoring-detection.md b/src/opsec/monitoring-detection.md new file mode 100644 index 00000000..abc4b34a --- /dev/null +++ b/src/opsec/monitoring-detection.md 
@@ -0,0 +1,135 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +--- + +# Monitoring & Detection + +Effective security monitoring and detection are critical components of operational security. This section outlines approaches to implement monitoring systems that can identify security threats and anomalies in real-time. + +## Log Management & SIEM + +Centralized logging and security information and event management (SIEM) systems provide visibility into security events across the organization. + +### Key Components + +1. **Log Collection**: Gathering logs from systems, applications, and network devices +2. **Log Normalization**: Standardizing log formats for consistent analysis +3. **Log Correlation**: Identifying relationships between events across different sources +4. **Log Retention**: Preserving logs for compliance and investigation purposes +5. **Security Analytics**: Analyzing logs to identify threats and anomalies + +### Implementation Steps + +1. Identify critical log sources based on security requirements +2. Implement centralized log collection infrastructure +3. Configure proper log retention periods based on policy and compliance +4. Implement log correlation and analysis capabilities +5. Establish log review procedures for security events +6. Ensure logs include appropriate detail without capturing sensitive data + +### Web3-Specific Considerations + +1. **Blockchain Logs**: Monitoring blockchain events and transactions +2. **Smart Contract Events**: Capturing and analyzing events emitted by contracts +3. **Node Operation Logs**: Monitoring blockchain node performance and security +4. **Gas Usage Anomalies**: Detecting unusual transaction fee patterns +5. **Bridge Activity**: Monitoring cross-chain bridge operations for anomalies + +## Alert Thresholds & Dashboards + +Establishing appropriate alert thresholds and dashboards to effectively monitor security status and respond to incidents. + +### Key Components + +1. 
**Alert Thresholds**: Defining conditions that trigger security alerts +2. **Alert Prioritization**: Categorizing alerts based on severity and impact +3. **Alert Routing**: Directing alerts to appropriate personnel +4. **Security Dashboards**: Visual representations of security status +5. **Metric Tracking**: Monitoring key security performance indicators + +### Implementation Steps + +1. Define alert thresholds based on baseline activity and risk assessment +2. Implement alert prioritization to focus on the most critical issues +3. Establish alert routing procedures to ensure proper response +4. Create dashboards that provide actionable security insights +5. Regularly review and tune alert thresholds to reduce false positives +6. Develop procedures for escalating and responding to alerts + +### Web3-Specific Considerations + +1. **Transaction Monitoring**: Alerting on unusual blockchain transactions +2. **Smart Contract Monitoring**: Detecting potential exploits or vulnerabilities +3. **Governance Monitoring**: Tracking governance proposals and voting +4. **Price Oracle Monitoring**: Detecting anomalies in price feed data +5. **Liquidity Monitoring**: Alerting on significant liquidity changes + +## Threat Detection Approaches + +Various approaches to detecting security threats through monitoring and analysis. + +### Signature-Based Detection + +Identifying known threat patterns based on signatures or indicators of compromise. + +1. **Implementation**: Deploy solutions with threat intelligence feeds +2. **Strengths**: Effective against known threats with clear signatures +3. **Limitations**: Cannot detect novel or sophisticated attacks +4. **Best Practices**: Regularly update signature databases and threat intelligence + +### Behavioral Detection + +Identifying anomalies based on deviations from normal behavior patterns. + +1. **Implementation**: Deploy solutions that establish baselines and detect deviations +2. 
**Strengths**: Can detect previously unknown threats and insider activities +3. **Limitations**: Requires tuning to reduce false positives +4. **Best Practices**: Establish accurate baselines during low-threat periods + +### Heuristic Detection + +Using rules and algorithms to identify suspicious activities based on behavior characteristics. + +1. **Implementation**: Deploy solutions with customizable detection rules +2. **Strengths**: Balance between signature and behavioral approaches +3. **Limitations**: Requires ongoing rule refinement +4. **Best Practices**: Regularly review and update detection rules + +### Threat Hunting + +Proactively searching for threats that have evaded automated detection. + +1. **Implementation**: Establish dedicated threat hunting capabilities +2. **Strengths**: Can identify sophisticated threats and APTs +3. **Limitations**: Resource-intensive and requires skilled personnel +4. **Best Practices**: Develop hypothesis-driven hunting processes + +## Web3-Specific Monitoring + +Specialized monitoring approaches for Web3 environments. + +### On-Chain Monitoring + +Monitoring blockchain transactions and smart contract interactions. + +1. **Transaction Monitoring**: Tracking unusual transaction patterns +2. **Smart Contract Events**: Monitoring events emitted by contracts +3. **Token Transfers**: Tracking movement of tokens and assets +4. **Gas Usage Analysis**: Identifying unusual gas consumption patterns +5. **Governance Actions**: Monitoring governance proposals and votes + +### Off-Chain Monitoring + +Monitoring infrastructure, applications, and services supporting blockchain operations. + +1. **Node Monitoring**: Tracking performance and security of blockchain nodes +2. **API Security Monitoring**: Detecting suspicious API usage +3. **Frontend Application Monitoring**: Identifying unusual user interactions +4. **Infrastructure Security Monitoring**: Tracking security events in supporting infrastructure +5. 
**Team Member Activity Monitoring**: Detecting unusual access or activities + +Effective monitoring and detection enable organizations to identify security threats quickly, reducing the potential impact of security incidents. By implementing comprehensive monitoring across both traditional and Web3-specific environments, organizations can maintain visibility into their security posture and respond promptly to emerging threats. \ No newline at end of file diff --git a/src/opsec/monitoring/alert-thresholds.md b/src/opsec/monitoring/alert-thresholds.md new file mode 100644 index 00000000..53d2ae96 --- /dev/null +++ b/src/opsec/monitoring/alert-thresholds.md @@ -0,0 +1 @@ +# Alert Thresholds & Dashboards diff --git a/src/opsec/monitoring/log-management.md b/src/opsec/monitoring/log-management.md new file mode 100644 index 00000000..260727c6 --- /dev/null +++ b/src/opsec/monitoring/log-management.md @@ -0,0 +1 @@ +# Log Management & SIEM diff --git a/src/opsec/principles/README.md b/src/opsec/principles/README.md new file mode 100644 index 00000000..2417dd8f --- /dev/null +++ b/src/opsec/principles/README.md 
@@ -0,0 +1,58 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Principles & Concepts Overview + +Operational Security (OpSec) is built upon foundational principles and processes that help organizations protect sensitive information and critical assets. This section covers the essential concepts that form the basis of an effective operational security program. + +## What is Operational Security? + +Operational Security is a process that: + +1. Identifies critical information and assets +2. Analyzes threats to those assets +3. Assesses vulnerabilities that could be exploited +4. Determines risks and potential impacts +5. Implements countermeasures to mitigate risks + +The goal is to prevent adversaries from gaining access to information that could be harmful if disclosed or compromised. + +## Core Principles + +The following principles form the foundation of operational security: + +- **Defense in Depth**: Implementing multiple layers of security controls so that if one fails, others will provide protection. +- **Principle of Least Privilege**: Granting users, systems, and processes only the minimum access rights necessary to perform their functions. +- **Need-to-Know Basis**: Restricting information access to only those who require it to perform their duties. +- **Compartmentalization**: Dividing information and systems into isolated segments to limit the impact of a breach. +- **Continuous Monitoring and Improvement**: Regularly assessing security measures and adapting to evolving threats and vulnerabilities. + +## The Five Steps of the OpSec Process + +1. **Identification of Critical nformation**: Determine what information, if obtained by adversaries, could harm your organization or operations. +2. 
**Threat Analysis**: Identify potential adversaries, their capabilities, and their interest in your critical information. +3. **Vulnerability Assessment**: Analyze how your critical information might be exposed through vulnerabilities in your systems, processes, or personnel. +4. **Risk Assessment**: Evaluate the likelihood and potential impact of various threats exploiting identified vulnerabilities. +5. **Countermeasure Implementation**: Develop and deploy security controls to mitigate identified risks, considering cost, effectiveness, and operational impact. + +## Web3-Specific Considerations + +In Web3 environments, operational security must address unique challenges: + +- **Transparency vs. Privacy**: Balancing blockchain transparency with the need for operational secrecy +- **Decentralized Operations**: Securing operations across distributed teams and systems +- **Cryptocurrency Security**: Protecting digital assets and private keys +- **Smart Contract Vulnerabilities**: Addressing the immutable nature of deployed code +- **Community Dynamics**: Managing security in open, community-driven projects \ No newline at end of file diff --git a/src/opsec/principles/five-steps.md b/src/opsec/principles/five-steps.md new file mode 100644 index 00000000..98f19449 --- /dev/null +++ b/src/opsec/principles/five-steps.md 
@@ -0,0 +1,88 @@ +--- +tags: + - Security Specialist + - Operations & Strategy +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# The Five Steps of the OpSec Process + +> πŸ”‘ **Key Takeaway**: OpSec is built on five critical steps: identifying what needs protection, analyzing potential threats, assessing vulnerabilities, evaluating risks, and implementing appropriate countermeasures. + +If we were to summarize the most crucial and important steps of Operational Security, whether it is for an individual or an organization, we would do as follows. These are not step-by-steps, but can serve as a kick-off process to be further improved after its first iteration. + +## 1. Identification of Critical Information + +Determine what information, if obtained by adversaries, could harm your organization or operations. + +> **πŸ”— Related Framework:** This step aligns with [Asset Inventory](../infrastructure/asset-inventory.md) practices and informs [Data Protection](../operational-security/data-protection/) strategies. + +### Implementation + +1. Create an inventory of all sensitive information assets +2. Classify information based on sensitivity and impact if compromised +3. Document where critical information is stored, processed, and transmitted +4. Identify the owners and authorized users of each information asset +5. Regularly review and update your critical information inventory + +## 2. Threat Analysis + +Identify potential adversaries, their capabilities, and their interest in your critical information. + +> **πŸ”— Related Framework:** For detailed approaches, see [Understanding Threat Vectors](../awareness/understanding-threat-vectors.md) and [Threat Modeling](../threat-modeling/) frameworks. + +### Implementation + +1. Research known threat actors relevant to your industry or organization +2. Analyze adversaries' motivations, resources, and methods +3. 
Consider both external threats (hackers, competitors) and internal threats (insiders) +4. Stay informed about emerging threats and attack techniques +5. Document threat scenarios specific to your organization's context + +## 3. Vulnerability Assessment + +Analyze how your critical information might be exposed through vulnerabilities in your systems, processes, or personnel. + +> **πŸ”— Related Framework:** This connects with [Security Testing](../security-testing/) framework, including [Static Application Security Testing](../security-testing/static-application-security-testing.md), [Dynamic Application Security Testing](../security-testing/dynamic-application-security-testing.md), and vulnerability management practices. + +### Implementation + +1. Conduct technical vulnerability scans of systems and networks +2. Review processes and procedures for security gaps +3. Assess personnel security awareness and adherence to security policies +4. Examine physical security controls protecting critical assets +5. Evaluate third-party and supply chain vulnerabilities that could impact your organization + +## 4. Risk Assessment + +Evaluate the likelihood and potential impact of various threats exploiting identified vulnerabilities. + +> **πŸ”— Related Framework:** For comprehensive approaches, see [Governance](../governance/) and [Risk Management](../governance/risk-management.md) frameworks. + +### Implementation + +1. Calculate risk based on threat probability and potential impact +2. Prioritize risks based on severity and criticality to operations +3. Document acceptable risk thresholds for different types of assets +4. Consider cascading effects of security compromises +5. Present risk assessments in clear terms for executive decision-making + +## 5. Countermeasure Implementation + +Develop and deploy security controls to mitigate identified risks, considering cost, effectiveness, and operational impact. 
+ +> **πŸ”— Related Framework:** Implementation connects with [Security Automation](../security-automation/) and various control frameworks like [Infrastructure](../infrastructure/) and [Identity and Access Management](../iam/). + +### Implementation + +1. Select appropriate technical, administrative, and physical controls +2. Implement controls based on risk prioritization +3. Test controls to ensure they function as intended +4. Document procedures for maintaining and updating controls +5. Train personnel on new security measures and their importance \ No newline at end of file diff --git a/src/opsec/principles/principles.md b/src/opsec/principles/principles.md new file mode 100644 index 00000000..835cb0db --- /dev/null +++ b/src/opsec/principles/principles.md 
@@ -0,0 +1,101 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Operational Security Principles + +> πŸ”‘ **Key Takeaway**: Effective OpSec relies on five core principles: layered defenses, minimal access rights, need-to-know information sharing, system compartmentalization, and continuous monitoringβ€”all working together to protect sensitive information from adversaries. + +The goal is to prevent adversaries from gaining access to information that could be harmful if disclosed or compromised. + +> **Practical Example: Web3 Organization** +> +> Consider a Web3 project managing a DeFi protocol with a treasury of $10M in assets. Proper operational security would involve: +> +> - **Multiple security layers**: Hardware wallets for cold storage, multi-signature requirements for transactions, regular security audits, and continuous monitoring +> - **Access control**: Only specific team members have access to deployment keys, with different permission levels for development, testing, and production environments +> - **Compartmentalized information**: Private keys for multi-signature wallets are distributed among trusted team members with no single person having access to all keys, and sensitive incident response procedures are only shared with the security team +> - **Regular threat assessment**: The team conducts quarterly reviews of potential attack vectors, from smart contract vulnerabilities to [social engineering](../../awareness/understanding-threat-vectors.md) attempts targeting team members + +## 1. Defense in Depth + +Defense in Depth is the practice of layering security controls throughout your systems and processes, so that if one control fails, others will provide protection. 
+ +> **πŸ”— Related Framework:** This principle is applied across multiple frameworks including [Infrastructure](../infrastructure/) with [Zero-Trust Principles](../infrastructure/zero-trust-principles.md) and [Network Security](../infrastructure/network-security.md). + +### Implementation + +1. Deploy multiple security controls that address the same risk in different ways +2. Implement security at various layers: physical, technical, administrative, and human +3. Ensure no single point of failure exists in your security architecture +4. Review the effectiveness of security layers regularly to identify gaps +5. Foster a [security-aware mindset](../awareness/cultivating-a-security-aware-mindset.md) across all team members + +## 2. Principle of Least Privilege + +The Principle of Least Privilege dictates that users, systems, and processes should have only the minimum access rights necessary to perform their functions. + +> **πŸ”— Related Framework:** For comprehensive implementation, see [Identity and Access Management](../iam/) and [Role-Based Access Control](../iam/role-based-access-control.md). + +### Implementation + +1. Grant the minimum level of access required for users to perform their duties +2. Review and adjust access rights when roles change +3. Implement role-based access control (RBAC) to standardize permissions +4. Use time-limited and just-in-time access for administrative privileges +5. Regularly audit access rights to identify and remove excessive permissions +6. Establish a thorough offboarding process to immediately revoke access when team members leave +7. Remove credentials for deactivated accounts, as these can become security liabilities even when dormant + +## 3. Need-to-Know Basis + +Information should only be shared with individuals who require that information to perform their duties. 
+ +> **πŸ”— Related Framework:** This principle is supported by practices in [Data Protection](../operational-security/data-protection/) and aspects of [Privacy](../privacy/). + +### Implementation + +1. Classify information based on sensitivity and restrict access accordingly +2. Compartmentalize sensitive information to limit exposure in case of a breach +3. Implement clear data handling and sharing policies +4. Train team members on proper handling and sharing of sensitive information through regular [security training](../awareness/security-training.md) +5. Use secure communication channels for sensitive information + +## 4. Compartmentalization + +Dividing information and systems into isolated segments to limit the impact of a breach. + +### Implementation + +1. Segment networks and systems based on functionality and sensitivity +2. Isolate critical assets from general-purpose systems +3. Separate development, testing, and production environments +4. Use separate accounts and access methods for different security domains +5. Implement firewalls and access controls between segments + +## 5. Continuous Monitoring and Improvement + +Security is not a one-time implementation but a continuous process of monitoring, evaluating, and improving. + +> **πŸ”— Related Framework:** For implementation details, see the [Monitoring](../monitoring/) framework, including [Guidelines](../monitoring/guidelines.md) and [Thresholds](../monitoring/thresholds.md). Also relevant is [Incident Management](../incident-management/) for response to detected issues. + +### Implementation + +1. Establish security metrics to measure the effectiveness of controls +2. Implement monitoring systems to detect security events and anomalies +3. Conduct regular security assessments and penetration tests +4. Learn from security incidents and near-misses +5. Update security controls based on new threats, vulnerabilities, and technologies +6. 
Ensure team members are [staying informed and continuously learning](../awareness/staying-informed-and-continuous-learning.md) about evolving security threats +7. Utilize available [security resources](../awareness/resources-and-further-reading.md) to keep your security practices current diff --git a/src/opsec/principles/web3-considerations.md b/src/opsec/principles/web3-considerations.md new file mode 100644 index 00000000..4bd8a30f --- /dev/null +++ b/src/opsec/principles/web3-considerations.md 
@@ -0,0 +1,87 @@ +--- +tags: + - Security Specialist + - Operations & Strategy +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Web3-Specific OpSec Considerations + +> πŸ”‘ **Key Takeaway**: Web3 environments require specialized security approaches that balance blockchain transparency with privacy, address immutability risks, manage self-custody responsibilities, secure decentralized operations, mitigate smart contract vulnerabilities, and navigate community-driven security challenges. + +In addition to traditional OpSec principles, Web3 environments require consideration of unique challenges. Many organizations claim to be backed only by descentralized technologies, but they later realize that part of their process is dependant on technologies that are not. + + + +## Transparency vs. Privacy + +Balancing the transparent nature of blockchain with the need for operational privacy. + +### Implementation + +1. Understand what information is publicly visible on-chain +2. Develop strategies to maintain operational privacy while utilizing public blockchains +3. Use privacy-enhancing technologies where appropriate + +## Immutability and Finality + +Recognizing that blockchain transactions are generally irreversible, requiring heightened security before execution. + +### Implementation + +1. Implement robust verification procedures before executing transactions +2. Use multi-signature requirements for high-value transactions +3. Deploy transaction simulation tools to verify outcomes before execution + +## Self-Custody Responsibility + +Managing private keys and digital assets with appropriate security controls. + +> **πŸ”— Related Framework:** For detailed guidance on wallet security practices, see the [Wallet Security](../wallet-security/) framework. + +### Implementation + +1. Develop clear procedures for wallet security +2. Implement separation of duties for transaction approval +3. 
Balance security with operational efficiency +4. [Stay up-to-date](../awareness/staying-up-to-date.md) with best practices in wallet security and custody solutions + +## Decentralized Operations + +Securing operations across distributed teams and systems. + +### Implementation + +1. Establish clear security protocols for remote team members +2. Use secure communication channels for sensitive discussions +3. Implement strong authentication for all team members +4. Create guidelines for secure collaboration in a distributed environment + +## Smart Contract Vulnerabilities + +Addressing the immutable nature of deployed code. + +### Implementation + +1. Conduct thorough code reviews and security audits before deployment +2. Implement upgradability patterns where appropriate +3. Use formal verification where possible +4. Maintain comprehensive testing environments +5. Consider timelocks and circuit breakers for critical functions + +## Community Dynamics + +Managing security in open, community-driven projects. + +### Implementation + +1. Develop clear security guidelines for community contributors +2. Establish review processes for community-submitted code +3. Create security awareness programs for the community +4. Balance transparency with operational security needs diff --git a/src/opsec/risk-management.md b/src/opsec/risk-management.md new file mode 100644 index 00000000..30df94a4 --- /dev/null +++ b/src/opsec/risk-management.md 
@@ -0,0 +1,157 @@ +--- +tags: + - Security Specialist + - Operations & Strategy + - Devops + - SRE +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Risk Management + +> πŸ”‘ **Key takeaway**: Risk management transforms threat information into actionable priorities. It helps you determine which threats matter most, where to allocate resources, and how to make security trade-offs that align with business goals. + +Effective risk management builds upon threat modeling to assess, prioritize, and mitigate identified security risks. While threat modeling identifies what needs protection and potential attack vectors, risk management determines which threats warrant immediate attention and resources. + +## Risk Assessment Process + + + +> **πŸ”— Related Framework:** This process builds directly on outputs from [Threat Modeling](../threat-modeling-overview.md). + +### Key Components + +1. **Impact Analysis**: Estimating the potential consequences of a security incident +2. **Likelihood Determination**: Assessing the probability of a threat exploiting a vulnerability +3. **Risk Calculation**: Combining impact and likelihood to determine risk levels +4. **Risk Prioritization**: Determining which risks to address first + +### Implementation Steps + +1. For each threat scenario identified in threat modeling, assign impact ratings based on financial, operational, and reputational factors +2. Determine likelihood based on threat intelligence and historical data +3. Calculate risk scores (typically Risk = Impact Γ— Likelihood) +4. Prioritize risks based on scores and organizational context + +### Prioritization Methodology + +Not all risks require the same level of attention. 
Prioritize based on: + +| Factor | Description | +|--------|-------------| +| **Risk Level** | Focus on high and critical risks first | +| **Asset Value** | Prioritize risks to your most valuable assets | +| **Mitigation Feasibility** | Consider how easily and cost-effectively a risk can be addressed | +| **Regulatory Requirements** | Address risks with compliance implications | +| **Strategic Alignment** | Focus on risks that align with strategic security initiatives | + +## Trade-off Analysis + +Security decisions often involve trade-offs between security, usability, cost, and other factors. Trade-off analysis helps make informed decisions. + +### Key Considerations + +| Trade-off | Description | +|-----------|-------------| +| **Security vs. Usability** | More security controls often mean less convenience | +| **Cost vs. Risk Reduction** | Security measures must be cost-effective | +| **Speed vs. Security** | Fast implementation may compromise security | +| **Centralization vs. Decentralization** | Control vs. resilience | +| **Transparency vs. Security** | Open information vs. operational secrecy | + +### Decision-Making Framework + +1. **Define**: Clearly articulate the security challenge and objectives +2. **Identify**: Enumerate all viable options +3. **Analyze**: Evaluate each option against established criteria +4. **Select**: Choose the option that best balances competing priorities +5. **Implement**: Execute the chosen option +6. 
**Review**: Assess the effectiveness of the decision and adjust as needed + +## Web3-Specific Considerations + +In Web3 environments, risk management must address unique challenges: + +### Unique Risk Factors + +| Risk Factor | Description | +|-------------|-------------| +| **Smart Contract Vulnerabilities** | Immutable code with potential security flaws | +| **Private Key Management** | Securing cryptographic keys that control assets | +| **Decentralized Governance** | Distributed decision-making for security matters | +| **Protocol Inter-dependencies** | Risks from connected protocols and services | +| **Regulatory Uncertainty** | Evolving legal landscape for blockchain technologies | + +### Best Practices for Web3 Organizations + +| Practice | Implementation | Primary Risk Addressed | +|----------|----------------|------------------------| +| **Key Management** | Implement multi-signature wallets, hardware security, and key rotation procedures | Private key compromise | +| **Smart Contract Security** | Conduct thorough code audits, formal verification, and staged deployments | Contract vulnerabilities | +| **Incident Response** | Develop cryptocurrency-specific incident plans with predefined actions | All attack vectors | +| **Security Governance** | Establish clear security roles even in decentralized organizations | Governance gaps | +| **Dependency Monitoring** | Regularly audit connected protocols and dependencies | Supply chain attacks | +| **Regulatory Compliance** | Stay informed about evolving regulations across jurisdictions | Legal/regulatory risks | + +Effective risk management enables organizations to allocate security resources efficiently, focusing on the most significant risks while making informed trade-offs between competing priorities. In the Web3 space, this approach must be adapted to address the unique challenges and risk profiles of blockchain-based operations. + +
+Example: Risk Assessment for Pinnipeds Inc. + +### Pinnipeds Inc. Risk Assessment + +Building on the threat vectors identified during threat modeling, Pinnipeds Inc. conducted a risk assessment: + +#### Risk Calculation Methodology + +| Rating | Impact | Likelihood | +|--------|--------|------------| +| **1** | Minimal | Rare | +| **2** | Minor | Unlikely | +| **3** | Moderate | Possible | +| **4** | Major | Likely | +| **5** | Severe | Almost Certain | + +**Formula: Risk Score = Impact Γ— Likelihood** + +#### High Risk Threats (Score 15-25) + +| Threat Scenario | Likelihood | Impact | Risk Score | Reasoning | +|-----------------|------------|--------|------------|-----------| +| Treasury wallet compromise | 4 | 5 | 20 | High impact due to direct financial loss; relatively high likelihood given frequency of attacks on crypto companies | +| Source code theft | 3 | 5 | 15 | High impact due to IP loss and potential backdoor insertion; medium likelihood based on industry intelligence | +| Phishing of employees | 5 | 3 | 15 | Medium impact as most employees have limited access; very high likelihood based on attack trends | + +#### Medium Risk Threats (Score 8-14) + +| Threat Scenario | Likelihood | Impact | Risk Score | Reasoning | +|-----------------|------------|--------|------------|-----------| +| Client data breach | 3 | 4 | 12 | Major impact to reputation; moderate likelihood based on API exposure | +| DDoS on infrastructure | 4 | 3 | 12 | Moderate impact on operations; likely to occur given industry trends | +| AWS credentials leaked | 2 | 5 | 10 | Severe impact if exploited; unlikely due to current controls | + +#### Mitigation Decision Process + +| Factor | Approach | +|--------|----------| +| **Resource allocation** | 60% of security budget allocated to high-risk threats | +| **Implementation timeline** | High-risk mitigations scheduled for completion within 30 days | +| **Control selection criteria** | Controls evaluated based on cost, operational impact, 
effectiveness, and implementation time | + +This risk-based approach allowed Pinnipeds Inc. to make informed decisions about which security controls to implement first, focusing resources where they would have the greatest risk-reduction impact. + +
+ +## Further Reading & Tools + +- [NIST Risk Management Framework](https://csrc.nist.gov/projects/risk-management) +- [ISO 31000:2018 Risk Management Guidelines](https://www.iso.org/standard/65694.html) +- [FAIR (Factor Analysis of Information Risk) Framework](https://www.fairinstitute.org/) +- [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology) +- Tools: SimpleRisk, RiskLens, IriusRisk \ No newline at end of file diff --git a/src/opsec/risk-management/risk-assessment-prioritization.md b/src/opsec/risk-management/risk-assessment-prioritization.md new file mode 100644 index 00000000..9079c490 --- /dev/null +++ b/src/opsec/risk-management/risk-assessment-prioritization.md @@ -0,0 +1 @@ +# Risk assessment & prioritization diff --git a/src/opsec/risk-management/trade-off-analysis.md b/src/opsec/risk-management/trade-off-analysis.md new file mode 100644 index 00000000..dfe62948 --- /dev/null +++ b/src/opsec/risk-management/trade-off-analysis.md @@ -0,0 +1 @@ +# Trade-off analysis diff --git a/src/opsec/threat-modeling-overview.md b/src/opsec/threat-modeling-overview.md new file mode 100644 index 00000000..1eff9566 --- /dev/null +++ b/src/opsec/threat-modeling-overview.md 
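Review bot: the Related Framework callout links to `../threat-modeling-overview.md`, but both files live in `src/opsec/` (see `+++ b/src/opsec/risk-management.md` and `+++ b/src/opsec/threat-modeling-overview.md` in this patch), so `../` escapes the directory and the link breaks; it should be `./threat-modeling-overview.md`. Two points on the worked example: the scoring bands define Medium (8-14) and High (15-25) but never Low (1-7), and a pure Impact × Likelihood product lets a severe-impact, low-likelihood item such as "AWS credentials leaked" (5 × 2 = 10) sit in Medium below "DDoS on infrastructure"; state an override rule, for example any Impact 5 item gets a named owner and a review date regardless of score, because that tail is where the catastrophic losses are. The threat tables also list Likelihood before Impact while the rating table and the formula put Impact first; pick one order. Finally, a `governance/risk-management.html` page already exists (it appears in the tags index deleted at the end of this patch); cross-link the two or say how this opsec page differs, otherwise readers find two risk-management chapters.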
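Review bot: `risk-assessment-prioritization.md` and `trade-off-analysis.md` are added as one-line heading stubs whose titles duplicate the "Risk Assessment Process" and "Trade-off Analysis" sections already written out in `risk-management.md`. Either move those sections into the stubs and link them from the parent page, or drop the stubs from this PR; shipping empty pages whose titles match populated sections will confuse readers and site search.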
@@ -0,0 +1,196 @@ +--- +tags: + - Security Specialist + - Operations & Strategy +contributors: + - role: wrote + users: [mattaereal] + - role: reviewed + users: [] + - role: fact-checked + users: [] +--- + +# Threat Modeling Overview + +> πŸ”‘ **Key takeaway**: Think of threat modeling as your security roadmap. It's how you understand what you need to protect, who might try to steal it, and how they might do it. From random hackers to state actors, knowing your potential attackers helps you build defenses that actually matter. It's about being smart with your security resources and focusing on what really needs protection. + +Effective security requires understanding **what you're protecting and who you're protecting it from**. Without a structured threat model, security efforts become unfocused and inefficient. Different entities face different threats based on their assets, visibility, and technological footprint. + +## Practical guidance + +> **πŸ”— Related Framework:** For detailed approaches, see [Understanding Threat Vectors](../awareness/understanding-threat-vectors.md) and [Threat Modeling](../threat-modeling/) frameworks. + +### Asset inventory + +1. **Digital value stores**: Document cryptocurrencies, tokens, NFTs, and any assets directly convertible to monetary value +2. **Credentials & access information**: Catalog passwords, API keys, recovery seeds/phrases, private keys, and other non-physical authentication data +3. **Hardware & physical devices**: + - **Computing devices**: Computers, phones, tablets, servers + - **Security hardware**: Hardware wallets, YubiKeys, MFA devices, HSMs + - **Physical security**: Office equipment, security systems, physical access controls +4. **Infrastructure & systems**: Map cloud resources, development environments, network equipment, and third-party services +5. 
**Sensitive information & intellectual property**: Track code repositories, proprietary algorithms, customer data, business documents, email archives, and backup files +6. **Legal & compliance assets**: Identify digital certificates, identity documents, contracts, and regulatory compliance documentation + +
+Example: Pinnipeds Inc. asset inventory + +### Pinnipeds Inc. Asset Inventory + +Pinnipeds Inc. is a small company with 15 employees. Here's how they categorized their assets: + +| Asset Category | Items | +|----------------|-------| +| **Digital value stores** | β€’ Company treasury holding 5 BTC and 50 ETH for operations
β€’ Client tokens held in custody during project development
β€’ Test tokens on various testnets for development purposes | +| **Credentials & access information** | β€’ Multi-signature wallet configuration (3-of-5 signers)
β€’ Password manager company accounts for all employees
β€’ Recovery seed phrases (stored separately from devices)
β€’ SSH keys for server access
β€’ API keys for third-party services | +| **Hardware & physical devices** | **Computing devices:**
β€’ 15 developer laptops with encrypted drives
β€’ 5 company mobile phones for executives
β€’ 2 physical servers for internal development

**Security hardware:**
β€’ Hardware wallets for each founding member (3)
β€’ YubiKeys for all developers for GitHub access
β€’ Biometric access readers

**Physical security:**
β€’ Office security system with cameras
β€’ Card readers for building access
β€’ Secure storage for sensitive documents | +| **Infrastructure & systems** | β€’ AWS cloud infrastructure for production environments
β€’ GitHub organization with private repositories
β€’ CI/CD pipeline tools (Jenkins, GitHub Actions)
β€’ Company VPN for remote work
β€’ Slack and Discord for internal and client communications | +| **Sensitive information & IP** | β€’ Custom smart contract code for clients
β€’ Internal research on blockchain optimization
β€’ Client database with contact and project information
β€’ Financial records and business strategy documents
β€’ Employee personal information | +| **Legal & compliance assets** | β€’ Company incorporation documents
β€’ Client contracts and NDAs
β€’ Regulatory compliance documentation for different jurisdictions
β€’ SSL certificates for company websites
β€’ Code audit reports and security assessments | + +
+ +### Adversary analysis + +1. **Classify potential attackers by tiers**: + - **Tier 1 (Opportunistic)**: Random cybercriminals, script kiddies, automated scanners + - **Tier 2 (Targeted)**: Organized crime groups, corporate competitors, angry ex-employees + - **Tier 3 (Advanced)**: Nation-state actors, APT groups, sophisticated criminal syndicates +2. **Document adversary capabilities and motivations**: + - Technical capabilities and resources + - Financial motivations or strategic goals + - Persistence level (hit-and-run vs. long-term compromise) + +
+Example: Analysis of adversaries targeting Pinnipeds Inc. + +### Pinnipeds Inc. Adversary Analysis + +| Adversary Tier | Characteristics | Examples & Techniques | +|----------------|-----------------|------------------------| +| **Tier 1 (Opportunistic)** | **Who**: Individual hackers, script kiddies, automated scanners/bots
**Motivations**: Quick financial gain, building reputation, opportunistic theft
**Capabilities**: Using public exploits, basic phishing, automated scanning tools
**Targets**: Public-facing infrastructure, employee email accounts, known vulnerabilities | β€’ Crypto wallet draining scams
β€’ Generic phishing campaigns
β€’ Website defacement
β€’ Automated vulnerability scanning | +| **Tier 2 (Targeted)** | **Who**: Organized criminal groups, competitors, disgruntled former employees
**Motivations**: Financial theft, competitive advantage, sabotage, revenge
**Capabilities**: Custom malware, spear phishing, social engineering, persistent attacks
**Targets**: Company treasury wallets, intellectual property, client data, employee credentials | β€’ Targeted social engineering of specific developers
β€’ Custom exploits for Pinnipeds' systems
β€’ Extended reconnaissance operations
β€’ Sophisticated phishing campaigns | +| **Tier 3 (Advanced)** | **Who**: Nation-state actors, sophisticated criminal syndicates, APT groups
**Motivations**: Strategic intelligence, large-scale financial theft, disruption
**Capabilities**: Zero-day exploits, supply chain attacks, long-term persistence, stealth techniques
**Targets**: Crypto treasury, proprietary algorithms, strategic business information, infrastructure access | β€’ Lazarus Group's systematic targeting of cryptocurrency organizations
β€’ Supply chain compromises
β€’ Advanced persistent threats with long dwell times
β€’ Multi-stage attack campaigns | + +
+ +### Attack vector mapping + +1. **Map potential attack vectors**: + - Technical: Zero-day exploits, vulnerability exploitation, network attacks + - Social: Phishing, social engineering, insider threats + - Physical: Device theft, office intrusion, hardware tampering + - Operational: SIM swapping, supply chain compromise, third-party breaches +2. **Document potential attack scenarios** for each critical asset +3. **Link attack vectors to adversary capabilities** identified in your adversary analysis + +
+Example: Attack Vector Mapping for Pinnipeds Inc. + +### Pinnipeds Inc. Attack Vector Analysis + +#### Critical Asset: Treasury Wallet (Financial) + +| Attack Vector | Description | Relevant Adversary | +|---------------|-------------|-------------------| +| Phishing | Targeted emails to obtain wallet credentials | Tier 1-2 attackers | +| Social engineering | Manipulating employees to gain access | Tier 2 attackers | +| Supply chain compromise | Compromised wallet software | Tier 3 attackers | +| Insider threat | Disgruntled employee with access | Tier 2 attackers | + +#### Critical Asset: Source Code (Intellectual Property) + +| Attack Vector | Description | Relevant Adversary | +|---------------|-------------|-------------------| +| GitHub account compromise | Targeting developer credentials | Tier 1-3 attackers | +| CI/CD pipeline injection | Injecting malicious code during build | Tier 3 attackers | +| Code repository breach | Direct attack on GitHub infrastructure | Tier 3 attackers | +| Developer machine compromise | Targeting local development environment | Tier 2-3 attackers | + +#### Critical Asset: Client Data (Customer Information) + +| Attack Vector | Description | Relevant Adversary | +|---------------|-------------|-------------------| +| Database exploitation | SQL injection or other DB vulnerabilities | Tier 1-2 attackers | +| AWS credential theft | Stolen cloud access credentials | Tier 2 attackers | +| API vulnerabilities | Insecure API endpoints | Tier 1-2 attackers | +| Data in transit interception | Man-in-the-middle attacks | Tier 2-3 attackers | + +
+ +## Why is it important + +Failure to implement threat modeling has led to catastrophic security breaches: + +- [How Threat Modeling Could Have Prevented the 1.5B ByBit Hack](https://blog.trailofbits.com/2025/02/25/how-threat-modeling-could-have-prevented-the-1.5b-bybit-hack/) +- [North Korea's Lazarus Group stole $620 million from Axie Infinity's Ronin bridge (2022)](https://home.treasury.gov/news/press-releases/jy0768) through a sophisticated attack targeting blockchain infrastructure +- [The Nomad bridge lost $190 million (2022)](https://medium.com/nomad-xyz-blog/nomad-bridge-hack-root-cause-analysis-875ad2e5aacd) through a critical vulnerability that allowed attackers to bypass transaction validation +- [The 2020 Twitter compromise](https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident) resulted in hijacked high-profile accounts being used for cryptocurrency scams + +Organizations that implement threat modeling can focus limited security resources on their most significant risks, avoiding both over-protection of low-value assets and under-protection of critical systems. + +Without threat modeling, organizations often distribute security resources evenly across all assets regardless of risk levels. A real-world example shows how costly this approach can be: a DeFi protocol failed to properly identify potential attack vectors, focusing extensively on their website and marketing infrastructure while overlooking smart contract security. The result was a million-dollar exploit through a contract vulnerability that proper threat modeling would have identified as a critical attack vector. Effective threat modeling ensures security teams can identify and document all potential attack paths - enabling risk management teams to later assess and prioritize these threats effectively. 
+ +## Implementation details + +| When to implement | Description | +|-------------------|-------------| +| Initial development | Create baseline threat model before launching any crypto project | +| Regular reviews | Update quarterly or when significant changes occur | +| After incidents | Revise after any security breach or near-miss | +| Team changes | Review when onboarding key personnel | + +**Role-specific considerations:** + +- **Security specialists**: Lead the threat modeling process, provide intelligence on current threats +- **Operations**: Contribute infrastructure knowledge and implement technical controls +- **Developers**: Identify code-level vulnerabilities and secure development practices +- **HR/Management**: Address insider threat risks and security awareness training +- **Community/Marketing**: Consider reputation risks and public-facing attack surfaces + +## Common pitfalls & examples + +- **Tunnel vision**: The Colonial Pipeline attack (2021) succeeded through a legacy VPN account without MFA, while the company focused security resources on operational technology +- **Unrealistic scenarios**: Many organizations over-invested in zero-day defense while leaving basic phishing vulnerabilities open +- **Static models**: Equifax's 2017 breach occurred partly because threat models weren't updated to reflect new attack patterns +- **Insider blindness**: The 2020 Twitter compromise of high-profile accounts happened when internal admin tools weren't included in threat modeling + +## Quick-reference / Cheat sheet + +### STRIDE Threat Categorization + +| Category | Description | Example Mitigation | +|----------|-------------|-------------------| +| **S**poofing | Identity impersonation | Strong authentication, signing | +| **T**ampering | Unauthorized modifications | Integrity checks, access controls | +| **R**epudiation | Denying performed actions | Logging, audit trails | +| **I**nformation disclosure | Exposing sensitive data | Encryption, minimal 
privileges | +| **D**enial of service | Disrupting availability | Rate limiting, redundancy | +| **E**levation of privilege | Gaining unauthorized access | Least privilege, segmentation | + +### Attack Tree Example + +``` +Goal: Steal crypto assets +β”œβ”€β”€ Compromise user wallet +β”‚ β”œβ”€β”€ Phishing attack +β”‚ β”‚ └── Mitigate: Security awareness training +β”‚ └── Malware infection +β”‚ └── Mitigate: Endpoint protection +β”œβ”€β”€ Attack exchange +β”‚ β”œβ”€β”€ API key theft +β”‚ β”‚ └── Mitigate: IP restrictions, 2FA +β”‚ └── Credential stuffing +β”‚ └── Mitigate: Unique passwords, MFA +└── SIM swapping + └── Mitigate: Hardware keys, non-SMS 2FA +``` + +## Further Reading & Tools + +- [NIST SP 800-154: Guide to Data-Centric System Threat Modeling](https://csrc.nist.gov/publications/detail/sp/800-154/draft) +- [OWASP Threat Modeling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html) +- [Microsoft STRIDE Model](https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats) +- [MITRE ATT&CK Framework](https://attack.mitre.org/) +- Tools: Microsoft Threat Modeling Tool, OWASP Threat Dragon diff --git a/src/key-management/README.md b/src/wallet-security/README.md similarity index 65% rename from src/key-management/README.md rename to src/wallet-security/README.md index d5a2cd84..425b3f12 100644 --- a/src/key-management/README.md +++ b/src/wallet-security/README.md 
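Review bot: two claims in "Common pitfalls & examples" and "Why is it important" need a source or a rewrite. The Equifax line says the 2017 breach "occurred partly because threat models weren't updated to reflect new attack patterns"; the public post-mortems attribute it to an unpatched Apache Struts instance and an expired certificate on the traffic-inspection appliance, which is a patch-management and asset-inventory failure, so either cite the basis for the threat-model framing or recast it as a stale-asset-inventory example. The unnamed "DeFi protocol ... million-dollar exploit" anecdote sits beside four linked incidents and reads as invented without a reference; name it or label it as illustrative. In the Pinnipeds inventory, the credentials row lists a "Multi-signature wallet configuration (3-of-5 signers)" while the security-hardware row lists "Hardware wallets for each founding member (3)", which leaves two signers unaccounted for; say where those two keys live and whether they are hardware-backed, since that is exactly the gap the exercise is meant to surface. Minor: the `[Threat Modeling](../threat-modeling/)` link targets a directory rather than a file, which only works when the web server maps directories to index.html; link the README.md explicitly.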
@@ -4,10 +4,10 @@ tags: - Security Specialist --- -# Key Management +# Wallet Security -Cryptocurrency relies on cryptographic keys to secure transactions and manage ownership of digital assets. Proper key management is essential to protect these assets from theft, loss, and unauthorized access. This guide covers the fundamental aspects of key management, offering insights into different types of wallets, signing schemes, and best practices to ensure a high level of security. +Cryptocurrency relies on cryptographic keys to secure transactions and manage ownership of digital assets. Proper wallet security is essential to protect these assets from theft, loss, and unauthorized access. This guide covers the fundamental aspects of wallet security, offering insights into different types of wallets, signing schemes, and best practices to ensure a high level of security. In this section you can: - Learn the differences between cold and hot wallets, their use cases, and how to choose the right one for your needs. @@ -17,7 +17,7 @@ In this section you can: - Discover various software wallets, their features, and how they can be used securely to manage cryptocurrency assets. -Effective key management is the cornerstone of cryptocurrency security, including taking physical attacks such as the wrench attack into consideration. +Effective wallet security is the cornerstone of cryptocurrency security, including taking physical attacks such as the wrench attack into consideration. ![security](https://github.com/security-alliance/frameworks/assets/84518844/12e2cba3-f69e-4fde-85f1-8a235b9808af) diff --git a/src/key-management/cold-vs-hot-wallet.md b/src/wallet-security/cold-vs-hot-wallet.md similarity index 100% rename from src/key-management/cold-vs-hot-wallet.md rename to src/wallet-security/cold-vs-hot-wallet.md 
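Review bot: renaming `src/key-management/` to `src/wallet-security/` breaks every inbound link and bookmark to the old path, and these hunks only update the README's own wording. Grep the tree for `key-management/` (the tags index deleted at the end of this patch still lists `key-management/hardware-wallets.html` under Finance and the whole `key-management/*.html` set under several other tags, which shows how many references exist) and add `[output.html.redirect]` entries in book.toml for the old `key-management/*.html` URLs so external deep links keep resolving. The retitle itself is consistent with the page, which was already about wallets and signing schemes.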
diff --git a/src/key-management/custodial-vs-non-custodial.md b/src/wallet-security/custodial-vs-non-custodial.md similarity index 93% rename from src/key-management/custodial-vs-non-custodial.md rename to src/wallet-security/custodial-vs-non-custodial.md index 35f75c66..c2fb4bea 100644 --- a/src/key-management/custodial-vs-non-custodial.md +++ b/src/wallet-security/custodial-vs-non-custodial.md @@ -15,7 +15,7 @@ Custodial wallets are managed by a third party, such as an exchange or a wallet ### Characteristics - **Managed Private Keys**: The third party has control over the private keys. - **Recovery Options**: Easier to recover access if credentials are lost, as the third party can assist. -- **Security Dependence**: Security depends on the third party’s practices and infrastructure. +- **Security Dependence**: Security depends on the third party's practices and infrastructure. ### Use Cases - **New Users**: Suitable for users who are new to cryptocurrency and prefer a simpler, managed solution. @@ -32,7 +32,7 @@ Non-custodial wallets are managed by the user, who has full control over their p - **Responsibility**: The user is solely responsible for backing up and securing their keys. ### Use Cases -- **Experienced Users**: Suitable for users who have a good understanding of cryptocurrency and key management. +- **Experienced Users**: Suitable for users who have a good understanding of cryptocurrency and wallet security. - **Security Prioritization**: Ideal for users who prioritize security and control over convenience. ## Comparison diff --git a/src/key-management/hardware-wallets.md b/src/wallet-security/hardware-wallets.md similarity index 100% rename from src/key-management/hardware-wallets.md rename to src/wallet-security/hardware-wallets.md diff --git a/src/key-management/signing-schemes.md b/src/wallet-security/signing-schemes.md similarity index 100% rename from src/key-management/signing-schemes.md rename to src/wallet-security/signing-schemes.md 
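Review bot: in the second hunk the search-and-replace turns "a good understanding of cryptocurrency and key management" into "... and wallet security", which weakens the sentence: the Characteristics bullet two lines above says the user "is solely responsible for backing up and securing their keys", so key management is the specific skill an experienced non-custodial user needs, not the chapter title. Keep "key management" here as a lower-case concept and apply the rename only to section titles and cross-references. The curly-to-straight apostrophe change in the first hunk is harmless but unrelated; keeping typography out of a rename PR keeps the diff reviewable.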
diff --git a/src/key-management/software-wallets.md b/src/wallet-security/software-wallets.md similarity index 100% rename from src/key-management/software-wallets.md rename to src/wallet-security/software-wallets.md diff --git a/theme/tags/tagsindex.js b/theme/tags/tagsindex.js deleted file mode 100644 index ef303f97..00000000 --- a/theme/tags/tagsindex.js +++ /dev/null 
@@ -1,16 +0,0 @@ -const tagsIndex = { - "Cloud": ["infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/network-security.html", "infrastructure/index.html", "security-automation/compliance-checks.html", "security-automation/infrastructure-as-code.html", "security-automation/index.html", "encryption/cloud-data-encryption.html", "encryption/index.html"], - "Community & Marketing": ["community-management/discord.html", "community-management/twitter.html", "community-management/telegram.html", "community-management/google.html", "community-management/index.html", "awareness/core-awareness-principles.html", "awareness/understanding-threat-vectors.html", "awareness/cultivating-a-security-aware-mindset.html", "awareness/staying-informed-and-continuous-learning.html", "awareness/resources-and-further-reading.html", "awareness/index.html"], - "DAO": ["safe-harbor/protocol.html", "safe-harbor/index.html"], - "Devops": ["operational-security/g-suite-security.html", "operational-security/standard-operating-environment.html", "operational-security/index.html", "external-security-reviews/preparation.html", "external-security-reviews/index.html", "vulnerability-disclosure/index.html", "infrastructure/asset-inventory.html", "infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/network-security.html", "infrastructure/operating-system-security.html", "infrastructure/index.html", "front-end-web-app/common-vulnerabilities.html", "front-end-web-app/index.html", "incident-management/lessons-learned.html", "incident-management/index.html", "threat-modeling/identity-mitigate-threats.html", "governance/compliance-regulatory-requirements.html", "devsecops/code-signing.html", "devsecops/continuous-integration-continuous-deployment.html", "devsecops/integrated-development-environments.html", "devsecops/repository-hardening.html", "devsecops/security-testing.html", "devsecops/index.html", "privacy/index.html", 
"supply-chain/index.html", "security-automation/threat-detection-response.html", "security-automation/compliance-checks.html", "security-automation/infrastructure-as-code.html", "security-automation/index.html", "iam/role-based-access-control.html", "iam/secure-authentication.html", "iam/access-management.html", "secure-software-development/secure-code-repositories-version-control.html", "secure-software-development/index.html", "security-testing/index.html", "encryption/cloud-data-encryption.html", "encryption/index.html"], - "Engineer/Developer": ["awareness/core-awareness-principles.html", "awareness/understanding-threat-vectors.html", "awareness/cultivating-a-security-aware-mindset.html", "awareness/staying-informed-and-continuous-learning.html", "awareness/resources-and-further-reading.html", "awareness/index.html", "operational-security/g-suite-security.html", "operational-security/standard-operating-environment.html", "key-management/cold-vs-hot-wallet.html", "key-management/custodial-vs-non-custodial.html", "key-management/hardware-wallets.html", "key-management/signing-schemes.html", "key-management/software-wallets.html", "key-management/index.html", "vulnerability-disclosure/security-contact.html", "vulnerability-disclosure/bug-bounties.html", "vulnerability-disclosure/index.html", "infrastructure/asset-inventory.html", "infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/dns-and-domain-registration.html", "infrastructure/identity-and-access-management.html", "infrastructure/network-security.html", "infrastructure/operating-system-security.html", "infrastructure/zero-trust-principles.html", "infrastructure/index.html", "monitoring/guidelines.html", "monitoring/thresholds.html", "monitoring/index.html", "front-end-web-app/web-application-security.html", "front-end-web-app/mobile-application-security.html", "front-end-web-app/common-vulnerabilities.html", "front-end-web-app/security-tools-resources.html", 
"front-end-web-app/index.html", "threat-modeling/create-maintain-threat-models.html", "threat-modeling/identity-mitigate-threats.html", "threat-modeling/index.html", "devsecops/code-signing.html", "devsecops/continuous-integration-continuous-deployment.html", "devsecops/integrated-development-environments.html", "devsecops/repository-hardening.html", "devsecops/security-testing.html", "devsecops/index.html", "privacy/secure-browsing.html", "privacy/data-removal-services.html", "privacy/digital-footprint.html", "privacy/encrypted-communication-tools.html", "privacy/financial-privacy-services.html", "privacy/privacy-focused-operating-systems-tools.html", "privacy/vpn-services.html", "privacy/index.html", "supply-chain/dependency-awareness.html", "supply-chain/supply-chain-levels-software-artifacts.html", "supply-chain/index.html", "security-automation/threat-detection-response.html", "security-automation/compliance-checks.html", "security-automation/infrastructure-as-code.html", "security-automation/index.html", "iam/role-based-access-control.html", "iam/secure-authentication.html", "iam/access-management.html", "iam/index.html", "secure-software-development/secure-coding-standards-guidelines.html", "secure-software-development/code-reviews-peer-audits.html", "secure-software-development/secure-code-repositories-version-control.html", "secure-software-development/threat-modeling-secure-design-principles.html", "secure-software-development/index.html", "security-testing/dynamic-application-security-testing.html", "security-testing/fuzz-testing.html", "security-testing/index.html", "ens/data-integrity-verification.html", "ens/cross-chain-compatibility.html", "ens/smart-contract-integration.html", "ens/interface-compliance.html", "ens/name-handling-normalization.html", "ens/index.html", "encryption/cloud-data-encryption.html", "encryption/communication-encryption.html", "encryption/database-encryption.html", "encryption/email-encryption.html", 
"encryption/encryption-in-transit.html", "encryption/file-encryption.html", "encryption/full-disk-encryption.html", "encryption/hardware-encryption.html", "encryption/partition-encryption.html", "encryption/volume-encryption.html", "encryption/index.html"], - "Finance": ["key-management/hardware-wallets.html"], - "HR": ["awareness/core-awareness-principles.html", "awareness/understanding-threat-vectors.html", "awareness/cultivating-a-security-aware-mindset.html", "awareness/staying-informed-and-continuous-learning.html", "awareness/resources-and-further-reading.html", "awareness/index.html", "operational-security/g-suite-security.html", "external-security-reviews/security-policies-procedures.html", "governance/compliance-regulatory-requirements.html", "iam/role-based-access-control.html", "iam/secure-authentication.html", "iam/access-management.html"], - "Legal & Compliance": ["external-security-reviews/security-policies-procedures.html", "governance/compliance-regulatory-requirements.html", "governance/risk-management.html", "governance/security-metrics-kpis.html", "governance/index.html"], - "Operations & Strategy": ["intro/overview-of-each-framework.html", "awareness/core-awareness-principles.html", "awareness/understanding-threat-vectors.html", "awareness/cultivating-a-security-aware-mindset.html", "awareness/staying-informed-and-continuous-learning.html", "awareness/resources-and-further-reading.html", "awareness/index.html", "operational-security/detecting-and-mitigating-insider-threats.html", "operational-security/g-suite-security.html", "operational-security/password-secrets-management.html", "operational-security/physical-security.html", "operational-security/sim-swapping.html", "operational-security/telegram.html", "operational-security/wireless-security.html", "operational-security/index.html", "key-management/hardware-wallets.html", "external-security-reviews/expectation.html", "external-security-reviews/preparation.html", 
"external-security-reviews/security-policies-procedures.html", "external-security-reviews/vendor-selection.html", "external-security-reviews/index.html", "infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/dns-and-domain-registration.html", "infrastructure/network-security.html", "infrastructure/operating-system-security.html", "infrastructure/zero-trust-principles.html", "incident-management/communication-strategies.html", "incident-management/incident-detection-and-response.html", "incident-management/lessons-learned.html", "incident-management/playbooks.html", "incident-management/seal-911-war-room-guidelines.html", "incident-management/index.html", "governance/compliance-regulatory-requirements.html", "governance/risk-management.html", "governance/security-metrics-kpis.html", "governance/index.html", "iam/role-based-access-control.html", "iam/secure-authentication.html", "iam/access-management.html", "iam/index.html", "security-testing/index.html"], - "Protocol": ["safe-harbor/protocol.html", "safe-harbor/index.html"], - "SEAL/Initiative": ["intro/introduction.html", "safe-harbor/protocol.html", "safe-harbor/whitehat.html", "safe-harbor/index.html"], - "SRE": ["operational-security/standard-operating-environment.html", "operational-security/index.html", "infrastructure/asset-inventory.html", "infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/network-security.html", "infrastructure/operating-system-security.html", "infrastructure/index.html", "incident-management/lessons-learned.html", "incident-management/index.html", "devsecops/continuous-integration-continuous-deployment.html", "devsecops/security-testing.html", "devsecops/index.html", "security-automation/threat-detection-response.html", "security-automation/compliance-checks.html", "security-automation/infrastructure-as-code.html", "security-automation/index.html", "security-testing/index.html"], - "Security Specialist": 
["intro/overview-of-each-framework.html", "community-management/discord.html", "community-management/google.html", "awareness/core-awareness-principles.html", "awareness/understanding-threat-vectors.html", "awareness/cultivating-a-security-aware-mindset.html", "awareness/staying-informed-and-continuous-learning.html", "awareness/resources-and-further-reading.html", "awareness/index.html", "operational-security/detecting-and-mitigating-insider-threats.html", "operational-security/g-suite-security.html", "operational-security/password-secrets-management.html", "operational-security/physical-security.html", "operational-security/sim-swapping.html", "operational-security/standard-operating-environment.html", "operational-security/telegram.html", "operational-security/wireless-security.html", "operational-security/index.html", "key-management/cold-vs-hot-wallet.html", "key-management/custodial-vs-non-custodial.html", "key-management/hardware-wallets.html", "key-management/signing-schemes.html", "key-management/software-wallets.html", "key-management/index.html", "external-security-reviews/expectation.html", "external-security-reviews/preparation.html", "external-security-reviews/security-policies-procedures.html", "external-security-reviews/vendor-selection.html", "external-security-reviews/index.html", "vulnerability-disclosure/security-contact.html", "vulnerability-disclosure/bug-bounties.html", "vulnerability-disclosure/index.html", "infrastructure/asset-inventory.html", "infrastructure/cloud.html", "infrastructure/ddos-protection.html", "infrastructure/dns-and-domain-registration.html", "infrastructure/identity-and-access-management.html", "infrastructure/network-security.html", "infrastructure/operating-system-security.html", "infrastructure/zero-trust-principles.html", "infrastructure/index.html", "monitoring/guidelines.html", "monitoring/thresholds.html", "monitoring/index.html", "front-end-web-app/web-application-security.html", 
"front-end-web-app/mobile-application-security.html", "front-end-web-app/common-vulnerabilities.html", "front-end-web-app/security-tools-resources.html", "front-end-web-app/index.html", "incident-management/communication-strategies.html", "incident-management/incident-detection-and-response.html", "incident-management/lessons-learned.html", "incident-management/playbooks.html", "incident-management/seal-911-war-room-guidelines.html", "incident-management/index.html", "threat-modeling/create-maintain-threat-models.html", "threat-modeling/identity-mitigate-threats.html", "threat-modeling/index.html", "devsecops/code-signing.html", "devsecops/continuous-integration-continuous-deployment.html", "devsecops/integrated-development-environments.html", "devsecops/repository-hardening.html", "devsecops/security-testing.html", "devsecops/index.html", "privacy/secure-browsing.html", "privacy/data-removal-services.html", "privacy/digital-footprint.html", "privacy/encrypted-communication-tools.html", "privacy/financial-privacy-services.html", "privacy/privacy-focused-operating-systems-tools.html", "privacy/vpn-services.html", "privacy/index.html", "supply-chain/dependency-awareness.html", "supply-chain/supply-chain-levels-software-artifacts.html", "supply-chain/index.html", "security-automation/threat-detection-response.html", "security-automation/compliance-checks.html", "security-automation/infrastructure-as-code.html", "security-automation/index.html", "iam/role-based-access-control.html", "iam/secure-authentication.html", "iam/access-management.html", "iam/index.html", "secure-software-development/secure-coding-standards-guidelines.html", "secure-software-development/code-reviews-peer-audits.html", "secure-software-development/secure-code-repositories-version-control.html", "secure-software-development/threat-modeling-secure-design-principles.html", "secure-software-development/index.html", "security-testing/dynamic-application-security-testing.html", 
"security-testing/fuzz-testing.html", "security-testing/security-regression-testing.html", "security-testing/static-application-security-testing.html", "security-testing/index.html", "ens/data-integrity-verification.html", "ens/cross-chain-compatibility.html", "ens/smart-contract-integration.html", "ens/interface-compliance.html", "ens/name-handling-normalization.html", "ens/index.html", "encryption/cloud-data-encryption.html", "encryption/communication-encryption.html", "encryption/database-encryption.html", "encryption/email-encryption.html", "encryption/encryption-in-transit.html", "encryption/file-encryption.html", "encryption/full-disk-encryption.html", "encryption/hardware-encryption.html", "encryption/partition-encryption.html", "encryption/volume-encryption.html", "encryption/index.html"], - "Whitehat": ["safe-harbor/whitehat.html", "safe-harbor/index.html"], -}; diff --git a/wordlist.txt b/wordlist.txt index cbfdf370..aa6be532 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -339,4 +339,57 @@ upgradeability upgradeable UTS Vercel's -ZWJ \ No newline at end of file +ZWJ +aml +att +axie +centric +doxxing +equifax's +frontend +iriusrisk +mempool +mitre +mortem +onboarding +offboarding +pinniped +pseudonymity +ronin +saas +validator +ampering +decrypted +dependant +descentralized +doxing +enial +epudiation +extractable +hotspot +linkability +nformation +offboarding +onboarding +poofing +practinces +reimage +reoccurrence +requestor +roadmap +succint +testnet +timelock +upgradability +workspace +Pinnipeds +testnets +timelocks +takedown +workspaces +Mortems +levation +exfiltration +validators +hotspots +Terpin's \ No newline at end of file
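Review bot: the deleted role-to-page mapping (the lists for "Finance", "HR", "Legal & Compliance", "Operations & Strategy", "Protocol", "SEAL/Initiative", "SRE", "Security Specialist" and "Whitehat", ending at the removed `};`) is taken out without any replacement appearing in this hunk, so please confirm in the PR description that nothing still consumes this object (for example a role filter in the site navigation) or that the mapping is now generated elsewhere; the removed lists also reference `operational-security/...` and `key-management/...` pages, so if those sections were moved, any surviving role mapping needs the new paths rather than a silent drop of those roles.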
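Review bot: in the `wordlist.txt` hunk, several of the added entries are word fragments rather than words (`ampering`, `enial`, `epudiation`, `nformation`, `poofing`, `levation`, which read as tampering/denial/repudiation/information/spoofing/elevation with their first letter split off), so whitelisting them hides a markup problem in the source pages that the spell checker is correctly flagging; fix the emphasis or markup that splits those words instead of adding the fragments. The same hunk also adds `onboarding` and `offboarding` twice each, adds both `doxing` and `doxxing`, and adds apparent misspellings (`practinces`, `succint`, `descentralized`, `dependant`) that should be corrected in the pages rather than added to the dictionary. Since the previous file ended with `-ZWJ \ No newline at end of file` and the new one ends with `+Terpin's \ No newline at end of file`, please also add the trailing newline while touching this file.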