Wikimedia Security Team/Goals 2016-2017

= Goals =

All goals are in addition to training, reviews, security bug work, static and dynamic application scanning, and vulnerability scanning.

Q1 (July-Sept 2016)
1. Two-Factor usability improvements
 * Conduct a user experience survey (may be completed Q4 2015-2016)
 * Implement changes based on analysis of feedback

2. Draft and release job descriptions for new Security Team staff and begin hiring process
 * Director of (Application) Security
 * Software Engineer, Security
 * Security Analyst
 * Privacy Engineer

3. Draft Security Team onboarding documents/handbook, documenting:
 * Issue triage and response
 * Team member responsibilities and information required for cross-training
 * Policies and processes

The team will also support other teams in the following initiatives:
 * 1) Data Mapping, led by Legal
 * 2) AuthManager post-deployment updates, led by Reading
 * 3) Security audit remediation, led by OIT
 * 4) Incident postmortem reviews, led by Architecture

Anticipated security reviews:
 * Reading - ?
 * TBD

Q2 (Oct-Dec 2016)
TBD

Q3 (Jan-Mar 2017)
TBD

Q4 (Apr-Jun 2017)
TBD