Updates (14 Sep - 25 Sep 2020)
Progress / Completed
- Data Classification - GRC
- Project started - Met with GRC and SecOps team to introduce Data Classification Template (completed)
- Traveloka EISA
- EISA - PAT
- GRC OSC Maturity Assessment - finalization (completed)
- OffSec OSC Maturity Assessment
- Vulnerability Management Program Improvement
- ProdSec - Pre-Production VMP procedure draft (completed)
- VM - Vulnerability Tracking & Risk Deviation / Acceptance Tracking (ongoing)
Plan / Work in progress
- EISA
- EISA - PAT
- Organization Service Catalog Assessment (SecOps, ProdSec)
- EISA - IPT
- Prioritization Feedback
- Maturity Assessment
- Data Classification - GRC
- Meet with Offsec and Prodsec Team
- Gather the completed templates from each team
- Container Security - SecOps, ProdSec
- Researching best practices, tools and processes
- Vulnerability Management Program Improvement:
- Proceeding with the next plan to include SecOps in the VMP
- ProdSec
- Publish ProdSec - Pre-Production VMP procedure
- Vulnerability Tracking (ongoing):
- Identify vulnerability level and risk rating, and provide a recommendation;
- Coordinate with users / product owners on the identified vulnerability;
- Follow up on correction and corrective action for the identified vulnerability;
- Risk Deviation / Acceptance Tracking (ongoing):
- Coordinate with users / product owners on the risk deviation / acceptance
Roadblocks / Problems
- VMP - Unable to renew the expired SSL certificate in the Dashboard & Vuln Ratings Tools because I don’t have access to DNS management; only Fariski has access to it.
Misc
-