Updates (17 Aug - 21 Aug 2020)

Progress / Completed

Data Classification - GRC

Data Classification - Drafting Piloting Plan and updated confluence pages.

Traveloka EISA

EISA - PAT

OSC Maturity Assessment - GRC

Corporate Approved Tools - Finalizing the Confluence Page.
VM - Vulnerability Tracking & Risk Deviation / Acceptance Tracking (ongoing):

https://29022131.atlassian.net/browse/SECURITY-566 (P2 S1 - Resolved)
https://29022131.atlassian.net/browse/SECURITY-567 (P2 S1 - Resolved)
https://29022131.atlassian.net/browse/SECURITY-568 (P2 S2 - Triaging)
https://29022131.atlassian.net/browse/SECURITY-569 (P1 S0 - New)

Plan / Work in progress

EISA

EISA - PAT

Organization Service Catalog Assessment (SecOps, OffSec, ProdSec)

GRC OSC Maturity Assessment - review

EISA - IPT

Prioritization Feedback
Maturity Assessment

Data Classification - GRC

Initiate the piloting (data identification and labelling )

Corporate Approved Tools - GRC

Wrap up the project.

Container Security - SecOps, ProdSec

researching best practices, tools and processes

Vulnerability Management Program Improvement:

Going on the next plan to include SecOps in the VMP
Integrate ProdSec Jira to VMP Dashboard

Vulnerability Tracking (ongoing):

Identify vulnerability level, risk rating, and provide recommendation;
Coordinating with users / product owners for the identified vulnerability;
Follow up correction and corrective action for the identified vulnerability;

Risk Deviation / Acceptance Tracking (ongoing):

Coordinating with users / product owners for the risk deviation / acceptance

Roadblocks / Problems

VMP - Unable to renew expired SSL certificate in Dashboard & Vuln Ratings Tools, because I don’t have access to DNS management, only Fariski has access to it.

Misc
-