Enterprise Information Security

For Security incidents, investigation, risk analysis requests, reviews. The team formerly known as OpSec and currently known as EIS or infosec

Select a component to see open bugs in that component:

General

Bugs related to the operations security (OpSec) team. These include server/network related security issues. (more info).

Incident

Used whenever a security breach, data leak, or event occurs that requires incident response.

Investigation

Think you might have a security incident but need help figuring it out? Leaked passwords but don't know if they've been used? It goes here. If attack is in progress or data has been leaked and used/seen by third parties, use the Incident component instead.

Rapid Risk Analysis

The Rapid Risk (Impact) Assessment (also called Rapid Risk Analysis) is a 30 minutes or less discussion about the potential risks of a project. The RRA is high level and lightweight.

Risk Record

Risk recorded during a risk analysis. These entries represent the risks and recommendations made. Tracking of remediations, acceptance of risk ("wontfix"), or discussion is done here.

Vulnerability Assessment

A semi-automated point-in-time vulnerability assessment conducted by a vulnerability scanner and other “point and shoot” tools for an explicit set of target(s). May include a validation component, depending on scope.