
Assignments and Roles

Several roles can be assigned to resources that play an important function throughout the platform. Below is a list of these assignments and suggestions on how to best incorporate them when using PlexTrac.

Finding Assignee

This role is the resource(s) assigned to a specific finding in a report with the intent to remediate the vulnerability.
Best Practices:
  • If leveraging an issue-tracking solution (e.g., Jira or ServiceNow), integrate those tools with PlexTrac so the remediation efforts can be tracked across applications seamlessly.
  • A closed finding should retain its assignment for auditing and analytics purposes.

Report Operator/Owner

This role is the resource responsible for owning the report.
Best Practices:
  • In a consultancy or MSSP environment, assign the success manager who works with the client as the report owner.
  • In an enterprise environment, the report owner may be the project manager or a team member.

Report Reviewer

This role is the resource(s) assigned the task of reading, editing, and collaborating on a report readout of the narratives and findings.
Best Practices:
  • Assign both technical and copywriting-focused reviewers to ensure the quality of the final report.

Assessment Reviewer

This role is the resource(s) responsible for the quality and accuracy of the assessment.
Best Practices:
  • Require approval of all reviewers before the assessment can be submitted.

Runbook Red Team Operator

This role is the resource(s) assigned to be a red team operator during a penetration test, playing the part of the attacker or competitor with the intention of identifying vulnerabilities in a system.

Runbook Blue Team Operator

This role is the resource(s) assigned to be a blue team operator during a penetration test and is responsible for defending a company’s use of information systems by maintaining its security posture.