Wikimedia Security Team/Services

We seek to secure access to and the integrity of free knowledge.

Purpose
See our Charter for an outline of our mandate.

As a top 10 website, the Wikimedia projects rank just below the sites of Google, Facebook, YouTube, and Baidu. And like those sites, Wikimedia’s sites are a potential target of software hackers, server attacks, security breaches, malware infections, phishing campaigns, harassment efforts, and other bad behavior that’s designed to take down the sites, impede their operation, or undermine user engagement.

While threats to our operations happen nearly every day we work proactively to prevent cyber attacks by following best practice and by leveraging available open source software and trusted 3rd party partners to aid our security efforts. As our capabilities mature we update tools and processes to keep pace with industry-wide security best practice and to address emergent threats.

As we pursue a more comprehensive security strategy over the next five years, three areas of interest will be Security Governance, Security Engineering and Security Architecture will be in our immediate sites. We selected these three areas to align with best practice and to address gaps identified through recent security incidents. This list of focus areas should only be considered a starting point for providing a set of functional security areas and services for use now and future practitioners to build upon.

Services Arenas and Services
'' All services outlined here are currently provided by the Security Team and may be in different stages of maturity for process, documentation, standardization and exposition. Please be patient with us as we try to operate as transparently and in good faith as possible.''

Reference Materials
800-35

2019 Strat