Security Team quarterly check in for January - March 2019
Closed, Invalid | Public

Description

<<< October - December 2018 | January - March 2019 | April - June 2019 >>>

Q3 Goals

https://www.mediawiki.org/wiki/Wikimedia_Technology/Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management/CDP_Budget_Segment_2/Goals

Outcome 1 / Output 1

Ensure the high-quality protection and security of our infrastructure and data. Review and update current security policies, standards and procedures.

*Goal(s)*

  • Review and mature our security policies and awareness functions:
    • Create or update 3 security policies
    • Provide Security Awareness training
    • Perform Phishing campaign
    • Security Code Review process improvements completed and published
    • Update/Consolidate security documentation

Outcome 1 / Output 2

  • Ensure the high-quality protection and security of our infrastructure and data. Reduce risk, improve application security practices, improve code quality, reduce vulnerabilities and attack surface and encourage a secure by design approach.

*Goal(s)*

  • Expansion of CSP
    • Security Release
    • Analytics Risk Assessment and Threat Model
    • Incorporation of Phan-taint-check into MW Core
    • Evaluate dynamic scanners
    • Routine penetration testing

Outcome 1 / Output 3

  • Ensure the high-quality protection and security of our infrastructure and data.
  • Increase maturity and capabilities in the event of a security incident.

*Goal(s)*

  • Perform tooling and process retro
  • Finalize and test our Incident Response documentation
  • Create incident play by play dashboard
  • Perform 1 large scale tabletop exercise

Q1 Individual Goals

Event Timeline

Assuming this is about Security-Team hence adding project tag so the task will be shown on a dashboard.

Liuxinyu970226 updated the task description.
Liuxinyu970226 added a subscriber: Bawolff.
Liuxinyu970226 added a subscriber: Reedy.