Updates (26 Oct - 06 Nov 2020)
Progress / Completed
- Redefined InfoSec Services (GRC, OffSec, ProdSec, SecOps)
- Traveloka EISA
- EISA - PAT
- OffSec OSC Mapping (cont)
- OffSec OSC Maturity Assessment (cont)
- Container Security - SecOps, ProdSec
- VM - Vulnerability Tracking & Risk Deviation / Acceptance Tracking (ongoing):
Plan / Work in progress
- EISA
- EISA - PAT
- Organization Service Catalog Assessment (SecOps, ProdSec)
- EISA - IPT
- Prioritization Feedback
- Maturity Assessment
- Container Security - SecOps, ProdSec
- researching best practices, tools and processes
- drafting container security docs
- Redefined InfoSec Services (GRC, OffSec, ProdSec, SecOps)
- Finalized confluence page
- Create new service desk (Jira Ticket)
- Vulnerability Management Program Improvement:
- Going on the next plan to include SecOps in the VMP
- ProdSec
- Create ProdSec - Pre-Production VMP dashboard
- New ProdSec Jira Security Issue Tracker is not yet in use.
- Vulnerability Tracking (ongoing):
- Identify vulnerability level, risk rating, and provide recommendation;
- Coordinating with users / product owners for the identified vulnerability;
- Follow up correction and corrective action for the identified vulnerability;
- Risk Deviation / Acceptance Tracking (ongoing):
- Coordinating with users / product owners for the risk deviation / acceptance
Roadblocks / Problems
-
Misc
-