Assignments and Roles
Several roles to assign to resources that play an important function throughout the platform. Below is a list of these assignments and suggestions on how to best incorporate them when using PlexTrac.
This role is the resource(s) assigned to a specific finding in a report with the intent to remediate the vulnerability.
Best Practices:
- If leveraging an issue tracking platform solution (i.e., Jira or ServiceNow), integrate those tools with PlexTrac so the remediation efforts can be tracked across applications seamlessly.
- A closed finding should retain its assignment for auditing and analytics purposes.
This role is the resource responsible for owning the report.
Best Practices:
- In a consultancy or MSSP environment, assign the success manager who works with the client as the report owner.
- In an enterprise environment, the report owner may be the project manager or a team member.
This role is the resource(s) assigned the task of reading, editing, and collaborating on a report readout of the narratives and findings.
Best Practices:
- Assign both technical and copywriting-focused reviewers to ensure the quality of the final report.
This role is the resource(s) responsible for the quality and accuracy of the assessment.
Best Practices:
- Require approval of all reviewers before the assessment can be submitted.
This role is the resource(s) assigned to be a red team operator during a penetration test and plays the part of the attacker or competitor with the intention of identifying vulnerabilities in a system.
This role is the resource(s) assigned to be a blue team operator during a penetration test and responsible for defending a company’s use of information systems by maintaining its security posture.
Last modified 7mo ago