Responding to Security Scan
Ryan Wold edited this page Oct 31, 2019 · 3 revisions
Trigger:
SecOps conducts the scans and then shares them with the ISSO for tracking and distribution to the team and the POA&Ms. I would just change that to: SecOps does the scans, and the ISSO shares and tracks the results.
- On a regular basis, Security Scans are performed against Touchpoints (SecOps conducts the scans). The ISSO receives the results and adds each finding to the POA&M list
- ISSO shares the Security Scan results with the Touchpoints PMO and ensures the POA&Ms reflect the findings
- Touchpoints PMO receives the results
Process:
- Touchpoints PMO creates user stories for the findings to be addressed (currently in the form of Trello cards)
- Security user stories are prioritized alongside other stories and worked on by Engineers in the Touchpoints PMO
- When a Security-related story is completed, the corresponding POA&M entry is updated so the list reflects the remediation
Recurring Events:
- On at least a monthly basis, a Security Meeting is held between the CISO office and the Touchpoints team to review the outstanding POA&Ms and report their status