Enterprise Information Security
Infosec assists Mozillians in defining and operating security controls to ensure that data at Mozilla is protected consistently across the organization.
- we help you define the risks around your services and data
- we help projects design and implement security controls
- we maintain a risk-based inventory of systems and their functional security controls to help Mozilla management determine where to invest in security measures
- we develop a catalog of services and tools that help you appropriately secure your data
- we respond to security investigations and incidents
- we provide baseline practices and assist teams in defining their security standards
- Key Management: Find out which algorithms are recommended, when to expire keys, etc.
- Kubernetes: A high-level guide to basic security needs for Kubernetes
- OpenSSH: How to configure and use OpenSSH server and client securely
- Web Security: What headers, setup, etc. should you follow for your web site?
- Assessing Security Risk: An open framework to assess security risk from an operational perspective
- Likelihood Indicators: A model for determining how security controls affect risk
- Rapid Risk Assessment (RRA): A rapid methodology to perform risk analysis and create a lightweight threat model
- Scoring and other levels: Standardized scoring and other levels that do not directly represent risk levels
- Standard Levels: Standardized levels for security risk, effort and other measurements
- OpenID Connect: How to use OpenID Connect securely and improve the user’s session experience
- SAML: How to use SAML securely and improve the user’s session experience
- Rationales: Explains and justifies the use of specific controls and principles
- Security Principles: Most important security principles to follow - the baseline
Email us: infosec [at] mozilla.com. For confidential information, encrypt your email using our public PGP key. Our full fingerprint is