Several roles to assign to resources that play an important function throughout the platform. Below is a list of these assignments and suggestions on how to best incorporate them when using PlexTrac.
This role is the resource(s) assigned to a specific finding in a report with the intent to remediate the vulnerability.
If leveraging an issue tracking platform solution (i.e., Jira or ServiceNow), integrate those tools with PlexTrac so the remediation efforts can be tracked across applications seamlessly.
A closed finding should retain its assignment for auditing and analytics purposes.
This role is the resource responsible for owning the report.
In a consultancy or MSSP environment, assign the success manager who works with the client as the report owner.
In an enterprise environment, the report owner may be the project manager or a team member.
This role is the resource(s) assigned the task of reading, editing, and collaborating on a report readout of the narratives and findings.
Assign both technical and copywriting-focused reviewers to ensure the quality of the final report.
This role is the resource(s) responsible for the quality and accuracy of the assessment.
Require approval of all reviewers before the assessment can be submitted.
Runbook Red Team Operator
This role is the resource(s) assigned to be a red team operator during a penetration test and plays the part of the attacker or competitor with the intention of identifying vulnerabilities in a system.
Runbook Blue Team Operator
This role is the resource(s) assigned to be a blue team operator during a penetration test and responsible for defending a company’s use of information systems by maintaining its security posture.