Security Risk Team

Maintained by:

Security Risk Mission

This page is under construction.

Core Compentencies

Security Operational Risk Management (StORM) Program

A Tier 2 Operational Risk Management program which focuses on the identification, assessment, tracking, and overall management of operational security risks across the organization. Check out the StORM Program & Procedures handbook page for additional details, including a quick introduction to Risk Management at GitLab as well as information about the purpose, scope, and specific procedures executed as part of the program.

Need to communicate a potential risk to the team?

Please refer to the communication section of the StORM Program & Procedures page for information on the various ways that team members can use to escalate potential risks to the Security Risk Team.

Critical System Tiering

Every system at GitLab is assigned a critical system tier. The Security Risk Team owns the tiering methodology that establishes each system's tier. For more information about the methodology and inputs utilized to determine tiering, refer to the Critical Systems Tiering Methodology handbook page.

Business Impact Analysis (BIA)

On an annual cadence, the Security Risk Team conducts a BIA over systems utilized across GitLab. The data collected as part of this process is used to ensure that various data sources, such as system inventories, are continuously maintained and up-to-date. For more information about the BIA process and procedures, refer to the Business Impact Analysis handbook page.

Third Party Risk Management (TPRM) Program

:construction: :construction: :construction:

This section is under construction

:construction: :construction: :construction:

Metrics and Measures of Success

:construction: :construction: :construction:

This section is under construction

:construction: :construction: :construction:

Roles & Responsibilities

Team Member	Role	Responsibilities
TBD	Manager, Security Risk
Steve Truong	Senior Security Risk Engineer	StORM Program DRI
Darren Lamison-White	Senior Security Risk Engineer	TPRM Program DRI

Contact the Team

Email:
- TBD
Slack:
- #security-risk-management channel
- #sec-assurance channel (includes the broader Security Assurance Team)
- @security-risk
GitLab:
- Tag the team across GitLab using @gitlab-com/gl-security/security-assurance/security-risk-team

References

Return to the Security Assurance Homepage

Security Risk Team

Maintained by:

On this page

Security Risk Mission

Core Compentencies

Security Operational Risk Management (StORM) Program

Critical System Tiering

Business Impact Analysis (BIA)

Third Party Risk Management (TPRM) Program

Metrics and Measures of Success

Roles & Responsibilities

Contact the Team

References