Assignments and Roles

Roles and assignments within PlexTrac are vital in organizing and optimizing the platform's usage. Organizations can effectively distribute responsibilities, maintain accountability, and streamline collaboration by assigning specific roles to team members. Below is an expanded list of roles within PlexTrac, along with their assignments and suggestions on how to best incorporate them when using the platform.

🛠️Finding Assignee

The Finding Assignee is assigned to an individual responsible for remediating a specific finding identified in a report. Their primary responsibility is to address the identified vulnerability, implement necessary fixes or mitigation measures, and ensure that the system or application is secure.

The Finding Assignee's expertise, prompt response, effective collaboration, and thorough remediation efforts contribute to maintaining a secure environment and reducing the organization's overall risk exposure.

Best Practices:

• If leveraging an issue-tracking platform solution (i.e., Jira or ServiceNow), integrate those tools with PlexTrac so the remediation efforts can be tracked across applications seamlessly.

• A closed finding should retain its assignment for auditing and analytics purposes.

👍Report Operator/Owner

The Report Operator/Owner is assigned to a resource responsible for owning and managing a report throughout its lifecycle. As the primary point of contact for the report, their responsibilities span from its creation to its final delivery.

By designating a dedicated Report Operator/Owner, organizations can ensure accountability, consistency, and efficient management of reports. The Report Operator/Owner is responsible for creating, owning, managing, assuring quality, delivering, and overseeing the lifecycle of reports. This contributes to the production of precise, valuable, and well-organized reports.

Best Practices:

• In a consultancy or MSSP environment, assign the success manager who works with the client as the report owner.

• In an enterprise environment, the report owner may be the project manager or a team member.

✍️Report Reviewer

The Report Reviewer is assigned to a resource responsible for reviewing, editing, and collaborating on the report readout, which includes narratives and findings. Their primary responsibility is to ensure the report's quality, accuracy, and clarity before its finalization.

The Report Reviewer's responsibilities encompass reviewing content, editing and proofreading, collaboration and feedback, ensuring consistency, compliance and quality assurance, and timely completion.

Best Practices:

• Assign technical and copywriting-focused reviewers to ensure the quality of the final report.

👌Assessment Reviewer

The Assessment Reviewer is assigned to a resource responsible for ensuring the quality and accuracy of an assessment. The reviewer's primary responsibility is to thoroughly evaluate the assessment process, methodologies, findings, and associated documentation to ensure they meet the desired standards.

Best Practices:

• All reviewers are required to approve the assessment before it can be submitted.

🔴Runbook Red Team Operator

This role is assigned to an individual or a team who serves as a red team operator during a penetration test. Red team operators' primary responsibility is to simulate the role of an attacker or competitor, employing advanced techniques to identify vulnerabilities within a system.

They should be well-versed in various attack vectors, exploitation techniques, and reconnaissance methodologies. This expertise enables them to effectively simulate real-world threat scenarios and identify potential weaknesses in the system.

🔵Runbook Blue Team Operator

This role is assigned to an individual or a team responsible for acting as a blue team operator during a penetration test. Blue team operators are primarily responsible for defending a company's information systems and maintaining its security posture.

The Blue Team Operator monitors the company's information systems for potential security incidents. They leverage security monitoring tools like intrusion detection systems (IDS) and security information and event management (SIEM) systems to detect and respond to real-time threats. Their expertise allows them to identify abnormal activities, investigate potential incidents, and respond effectively to mitigate risks.