Updates (25 May - 29 May 2020)

Progress / Completed

VM - Vulnerability Tracking & Risk Deviation / Acceptance Tracking (ongoing):

https://29022131.atlassian.net/browse/SECURITY-551 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-552 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-553 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-554 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-555 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-556 (P3 S2 - New)
https://29022131.atlassian.net/browse/SECURITY-557 (P3 S2 - New)

Corporate Approved Tools - Working on GRC OKR

Discuss with other stakeholders

Data Classification - Working on GRC OKR

Revisit Data Classification Self Assessment Questionnaires (SAQ)

EISA NIST CSF - Set Goals (EISA Objectives, Priorities, and Scope)

EISA OPS - Draft finalization

Plan / Work in progress

EISA NIST CSF - Start working on OKR Draft:

Create or Determine a Current Detailed Profile (CDF);
Create a Target Detailed Profile;
Analyzed Any Gaps and Identify the Actions Needed;
Implementation;
Continual Improvement.

Vulnerability Tracking (ongoing):

Identify vulnerability level, risk rating, and provide recommendation;
Coordinating with users / product owners for the identified vulnerability;
Follow up correction and corrective action for the identified vulnerability;

Risk Deviation / Acceptance Tracking (ongoing):

Coordinating with users / product owners for the risk deviation / acceptance

Roadblocks / Problems
-

Misc
-