When you first open the Facebook Data Protection Assessment to fill it in, the question looks like this:

Two options: Yes or No.
If you choose No, you will probably be forced back to rewrite it; I haven't actually tried it myself. Facebook also asks this more than once. Wouldn't it be enough to default to No? The whole point of this Data Protection Assessment is to transfer risk to developers!!!
Choose Yes.
If things go smoothly, the reviewer won't ask any further questions. If you are unlucky, the reviewer will ask you to provide test evidence, that is, evidence that you have run an attack-and-defense exercise against your security incident systems and processes, like what I ran into before:
Q14 – Thanks for your response. Unfortunately, the provided evidence is not sufficient. Please note that this requirement is about the incident response plan and its implementation. Policy – You must have a written security incident response plan. It should contain the following topics: roles and responsibilities, detection, react and recovery, and post-incident review. Implementation evidence – We need evidence like a tabletop exercise. Submit evidence that you have tested the plan within the past 12 months. This evidence may take different forms, but it should include: a description of the scenario (e.g., a tabletop exercise in response to a ransomware attack), the date when the test took place, the role of each participant and, if any of the personnel named in the plan's roles and responsibilities section did not participate, justification for each?
The FB reviewer said they need evidence that the plan was tested within the past 12 months! This evidence may take different forms, but it should include: a description of the scenario (e.g., a tabletop exercise in response to a ransomware attack), the date the test took place, the role of each participant, and so on.
Put plainly, it is evidence of an attack-and-defense exercise. Best to print a form, fill it in by hand, then scan it to PDF, like I did:

The pattern is: if you reply quickly, the reviewer replies quickly too! I submitted for review in the morning and around 19:00 that evening received the email notifying me that the Data Protection Assessment was complete:

Good luck, everyone!
Contact email: keysolutions@foxmail.com
Could you share a template form for the attack-and-defense exercise evidence? I'm new and don't know how to go about it, thanks 🙏