Security/InfoSec: Difference between revisions

Security/InfoSec (view source)

990 bytes added , 29 December 2015

Automated sync from https://github.com/mozilla/wikimo_opsec

32

edits

@@ Line 27: / Line 27: @@
 * [https://mozillians.org/en-US/u/amuntner/ Adam Muntner] [:adamm]
 * [https://mozillians.org/en-US/u/april/ April King] [:April]
+* [https://mozillians.org/en-US/u/phrozyn/ Alicia Smith] [:phrozyn]
 = Service Catalog =
@@ Line 157: / Line 158: @@
 * Get a quick in-line reply in Bugzilla (responses sec-review flag).
 * Get architectural tips from the security point of view at the project design time.
+== Service: Penetration Testing ==
+; Support commitment
+: Response within a week
+: Testing timelines vary based on testing scope
+; Costs
+: One or more meeting with InfoSec.
+; Service request
+: [https://bugzilla.mozilla.org/enter_bug.cgi?product=Enterprise%20Information%20Security&component=Review request bug]
+=== Description ===
+An adversarial exercise with the goal of demonstrating risks that could be exploited by a threat actor.  Testing scope is heavily influenced by RRA and Threat Modeling results, which should be completed prior to Penetration Testing.
+=== What you can do with this service ===
+* Get a detailed report of security controls that were tested and found effective/ineffective
+* Get recommendations on how to remedy ineffective security controls
+* Get proof of concept (PoC) evidence that demonstrates the ineffectiveness of security controls to support development and prioritization efforts
 == Security Incident Response ==