# Evidence Index

## Purpose
This page provides the canonical index of all security evidence collected within the Scheol Security Lab.
It ensures that evidence is:
- uniquely identified
- linked to risks, controls and validation scenarios
- traceable over time
- accessible for review and audit purposes
Evidence represents practical proof that controls are implemented and functioning.
## Evidence Index
| Evidence ID | Title | Related Control(s) | Related Risk(s) | Source | Type | Date | Status | Link |
|---|---|---|---|---|---|---|---|---|
| E-001 | SSH Failed Login Logging | C-005 | R-003 | VPS SSH logs | Validation | N/A | Planned | View |
| E-002 | Reverse Proxy Access Logging | C-001 | R-001 | Nginx logs | Operational | N/A | Planned | View |
| E-003 | CrowdSec IP Ban Trigger | C-004 / C-005 | R-003 | CrowdSec | Validation | N/A | Planned | View |
## Evidence Status Model
Each evidence item is assigned one of the following statuses:
| Status | Description |
|---|---|
| Planned | Evidence identified but not yet collected |
| Collected | Evidence captured and documented |
| Validated | Evidence reviewed and confirms control effectiveness |
| Outdated | Evidence no longer reflects current state |
## Evidence Types
Evidence is categorized to reflect its nature:
- Configuration → system or security configuration
- Operational → logs and runtime behavior
- Validation → results from verification scenarios
- Recovery → resilience and restoration proof
## Collection Principles
Evidence must be:
- relevant → directly linked to a control or risk
- minimal → avoid unnecessary duplication
- understandable → readable without deep technical context
- verifiable → reproducible if needed
## Traceability Rules
Each evidence item must be linked to:
- at least one control (C-XXX)
- at least one risk (R-XXX)
Optional but recommended:
- a verification scenario (V-XXX)
## Relationship with Other Sections
Evidence is the final layer of the security model:
- Risk Register → defines what must be protected
- Control Framework → defines how it is protected
- Validation & Monitoring → tests effectiveness
- Audit & Evidence → proves effectiveness
## Governance Rule
No critical control should exist without at least one associated evidence item.
## Current Scope
At the current stage:
- evidence coverage is limited and focused
- only high-value controls are targeted
- evidence is manually collected
This ensures:
- consistency with lab maturity
- avoidance of unnecessary complexity
- focus on meaningful validation
## Current Maturity
Evidence management is considered early-stage but structured.
### Established
- evidence identification model
- initial linkage with controls and risks
- defined structure and index
### In Progress
- collection of first real evidence items
- linkage with verification scenarios
- improvement of traceability
### Planned / Next Phase
- systematic evidence collection per control
- centralized evidence storage
- improved audit-readiness
- partial automation of evidence generation
This index will evolve as validation activities increase and controls mature.