modern-data-warehouse-dataops

Triage Security Findings - Defender Initial Score

Open ExpressDead opened this issue 1 year ago • 2 comments

Hold a meeting to triage initial security findings in the most "production like" environment your code will be deployed into. Address the relevant findings using Defender for Cloud recommendations or using the customer's tooling. Create backlog items as needed.

ACTIONS

Hold a triage meeting to review security recommendations. Address recommendations, create backlog items to remediate findings as appropriate. Record the observed Defender score here.

ExpressDead, Nov 19 '24 19:11

@ExpressDead - as a best practice we are adding a DoD for all User stories and tasks. Can you also define the DoD on all the tasks you've added to the backlog please? Thank you!

ydaponte, Nov 26 '24 15:11

Update:

The initial Defender Score should be based on the security findings from the environment where the production code is deployed.

DoD:

- Triage the initial security findings
- Review Defender Recommendations to prioritize mitigations
- Create backlog items to remediate as appropriate.
- Record current Defender Score (repeat for each Sprint or Milestone until completion)

jayce21-ms, Dec 22 '24 22:12