Security & Compliance · Level 3
The audit
Mission briefing
Mission 5-C: The audit report landed. There are findings — not catastrophic, but real, and each one needs an owner and a fix. A few of them, it turns out, point at screens you designed.
Some findings came from penetration testing — hired experts who try to break in on purpose, with permission, to find holes before real attackers do. They probe like an adversary so we can patch what they find. Think of it as a fire drill for break-ins.
The whole audit exists for compliance — meeting the formal security and privacy standards our industry or customers require. Passing isn't optional; contracts and regulations depend on it. The findings are the gap between where we are and what the standard demands.
Two findings are yours-adjacent: access control — making sure people can only reach what they're permitted to — was too loose on one admin screen. And the audit log, the tamper-evident record of who did what and when, wasn't surfaced clearly in the UI for reviewers.
So "who can see this" and "show the history of what happened" are design responsibilities with compliance teeth. The admin screen needs clearer permission states, and those states have to match what the server actually enforces: hiding a control in the UI is not access control on its own, and an auditor will check the endpoint, not the screen. The audit log needs to be actually legible to a reviewer, showing who did what and when in a form that can be checked for tampering. Real, fixable, mine.
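The two findings side by side, as an added example that is not part of the briefing: a small server-side model of an admin screen's controls, the loose version that trusts the UI to hide controls, the fixed version that enforces the role check on every call, and a hash-chained audit log a reviewer can verify. The role names, the `ADMIN_ACTIONS` policy table and the `AuditLog` helper are assumptions made for illustration, not anything the audit specifies.

```python
"""Role-gated admin actions with a tamper-evident audit log.

Added example, not from the training page. Roles, the ADMIN_ACTIONS policy
and the AuditLog class are illustrative assumptions.
"""
import hashlib
import json
from enum import Enum


class Role(Enum):
    VIEWER = "viewer"
    SUPPORT = "support"
    ADMIN = "admin"


# Assumed policy: which roles may invoke each control on the admin screen.
ADMIN_ACTIONS = {
    "view_users": {Role.VIEWER, Role.SUPPORT, Role.ADMIN},
    "reset_password": {Role.SUPPORT, Role.ADMIN},
    "delete_user": {Role.ADMIN},
    "export_pii": {Role.ADMIN},
}

GENESIS = "0" * 64


class AuditLog:
    """Append-only hash chain: every entry commits to the one before it,
    so editing or deleting an entry breaks verification from that point."""

    def __init__(self):
        self.entries = []
        self._prev_hash = GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, actor, role, action, allowed):
        entry = {
            "seq": len(self.entries),
            "actor": actor,
            "role": role.value,
            "action": action,
            "allowed": allowed,
            "prev": self._prev_hash,
        }
        entry["hash"] = self._digest(entry)  # hash covers all fields except itself
        self.entries.append(entry)
        self._prev_hash = entry["hash"]
        return entry

    def verify(self):
        """Return the index of the first inconsistent entry, or -1 if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or self._digest(body) != e["hash"]:
                return i
            prev = e["hash"]
        return -1

    def history(self, actor):
        """What a reviewer wants to see: one legible line per event for an actor."""
        return [
            f"#{e['seq']} {e['actor']} ({e['role']}) {e['action']}: "
            f"{'allowed' if e['allowed'] else 'DENIED'}"
            for e in self.entries if e["actor"] == actor
        ]


def visible_controls(role):
    """UI concern: which controls the admin screen should render for a role."""
    return sorted(a for a, roles in ADMIN_ACTIONS.items() if role in roles)


def invoke_unchecked(log, actor, role, action):
    """The finding: the server assumes the UI hid the control, so any role succeeds."""
    log.record(actor, role, action, True)
    return True


def invoke(log, actor, role, action):
    """The fix: authorization is enforced on every call, and denials are logged too."""
    allowed = role in ADMIN_ACTIONS.get(action, set())
    log.record(actor, role, action, allowed)
    return allowed


if __name__ == "__main__":
    log = AuditLog()
    print(visible_controls(Role.SUPPORT))
    print(invoke_unchecked(log, "eve", Role.VIEWER, "export_pii"))  # the hole
    print(invoke(log, "eve", Role.VIEWER, "export_pii"))            # closed
    print(invoke(log, "alice", Role.ADMIN, "delete_user"))
    print("\n".join(log.history("eve")))
    print("intact" if log.verify() == -1 else "tampered")
```

The point for the screen design is the pair `visible_controls` / `invoke`: the first decides what the UI shows, the second decides what the server does, and the finding is exactly the gap between them. For the log, `history` is the legible view a reviewer reads and `verify` is the tamper check that makes "tamper-evident" more than a label.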
An audit finding says an admin screen lets the wrong roles see sensitive controls. What's the design role here?