<<< January - March 2019 | April - June 2019 | >>> |
Q4 Goals
https://www.mediawiki.org/wiki/Wikimedia_Technology/Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management/CDP_Budget_Segment_2/Goals#Status_2
Outcome 1 / Output 1
Ensure the high-quality protection and security of our infrastructure and data. Review and update current security policies, standards and procedures.
Goal(s)
- Review and mature our security policies and awareness functions:
- T221133: Create or update 3 security policies (Q4 2019) (ongoing goal) (T221642)
- Provide Security Awareness training (ongoing goal) (T221659)
- Perform Phishing campaign
- Form Security Council (T221639)
- Form strategy and begin initial steps toward building a data governance platform
- Form strategy and begin initial steps toward building a vulnerability management program
- Assess current security logging capabilities (stretch goal)
Outcome 1 / Output 2
Ensure the high-quality protection and security of our infrastructure and data. Reduce risk, improve application security practices, improve code quality, reduce vulnerabilities and attack surface and encourage a secure by design approach.
Goal(s)
- Expansion of CSP (ongoing goal) (T28508)
- Security Release (ongoing goal) (T205041)
- Analytics Risk Assessment and Threat Model (T203997)
- Incorporation of Phan-taint-check into MW Core (stretch goal) (T203630, T183174, T216348)
- Evaluate dynamic scanners (T219567)
- Routine penetration testing
- Polish and demo appsec docker “toolboxes” (PHP, Python) (T221477)
- Improve security tooling for Phab/Gerrit monitoring (T217673, T218743, T212508)
- Formalized process and SOP for concept/design reviews (new form and SOP update, T220624, done)
- Generate initial security metrics/measurements
Outcome 1 / Output 3
Ensure the high-quality protection and security of our infrastructure and data. Increase maturity and capabilities in the event of a security incident.