(Automated sync from https://github.com/mozilla/wikimo_opsec) |
(Automated sync from https://github.com/mozilla/wikimo_opsec) |
||
Line 112: | Line 112: | ||
=== Description === | === Description === | ||
Test driven systems security uses | Test driven systems security uses a battery of tests run against a system to evaluate its conformance with security best practices. The tests can be ran daily, or trigger on-demand, making it easy to implement and review security controls in real time. | ||
=== What you can do with this service === | === What you can do with this service === | ||
* Obtain a | * Obtain a detailed view of the security controls deployed on a system, or across an infrastructure. | ||
* Fast iterations on the implementation and review of security controls. This is designed to accelerate the feedback loop between operational and security teams. immediate feedback is necessary. | * Fast iterations on the implementation and review of security controls. This is designed to accelerate the feedback loop between operational and security teams. immediate feedback is necessary. | ||
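Review bot: In the completed Description sentence, "The tests can be ran daily, or trigger on-demand" has two verb-form errors; suggest "The tests can be run daily, or triggered on demand". The unchanged bullet below it also ends with a stray fragment, "immediate feedback is necessary.", which should either be removed or merged into the preceding sentence while this section is being touched.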
Line 126: | Line 126: | ||
: 30 minutes meeting with InfoSec. | : 30 minutes meeting with InfoSec. | ||
; Service request | ; Service request | ||
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component= | : [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Rapid%20Risk%20Analysis request bug] | ||
=== Description === | === Description === | ||
Line 138: | Line 138: | ||
* Get your service recorded in a risk heatmap to compare it with other services. | * Get your service recorded in a risk heatmap to compare it with other services. | ||
* Find out if you need a threat model. | * Find out if you need a threat model. | ||
== Service: Vulnerability Assessment == | |||
; Support commitment | |||
: Response within a week. | |||
; Costs | |||
: One or more meetings with InfoSec. | |||
; Service request | |||
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Vulnerability%20Assessment request bug] | |||
=== Description === | |||
A vulnerability assessment is a semi-automated point-in-time assessment conducted by Mozilla Security using a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope and service risk. | |||
=== What you can do with this service === | |||
* Quickly identify commonly known vulnerabilities/misconfigurations in your application ranked by severity | |||
* Get a sense of a vendor systems security posture if the vendor is not forthcoming but is willing to be scanned | |||
* Get a manual verification of vulnerabilities/misconfigurations to weed out false positives (optional - based on scope and risk) | |||
== Service: Threat Modeling == | == Service: Threat Modeling == | ||
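Review bot: The new Vulnerability Assessment description scopes the scan to "an explicit set of target(s)" and the second bullet covers a vendor who "is willing to be scanned", but nothing in the section says where the target list or the vendor's agreement is recorded; suggest adding a line stating that both must be captured in the request bug before scanning starts. Two wording fixes in the same block: "May include a validation component, depending on scope and service risk." has no subject (suggest "It may include ..."), and "a vendor systems security posture" should read "a vendor system's security posture".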
Line 146: | Line 165: | ||
: One or more meeting with InfoSec. | : One or more meeting with InfoSec. | ||
; Service request | ; Service request | ||
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component= | : [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Threat%20Modeling request bug] | ||
=== Description === | === Description === | ||
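Review bot: The Costs line kept as context in this hunk reads "One or more meeting with InfoSec.", while the Vulnerability Assessment section added earlier in this same revision uses "One or more meetings with InfoSec."; suggest correcting the plural here, and on the identical line in the following hunk, so the service entries stay consistent.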
Line 167: | Line 186: | ||
: One or more meeting with InfoSec. | : One or more meeting with InfoSec. | ||
; Service request | ; Service request | ||
: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component= | : [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Penetration%20Test request bug] | ||
=== Description === | === Description === |