Background:
 
Cyber-crimes, and the annual costs they impose on businesses, are rising year over year. In 2017, the average cost of a single data breach in North America was $1.3 million for enterprises and $117,000 for small and medium-sized businesses (SMBs), according to a report from Kaspersky Lab.
 
So what can an organization do to reduce its risk? The most common response is to recommend technology overkill, whereas risk is mostly addressed by a balance of intelligent security tools, governance practices and focused training of team members.
 
In this article, I will explain the most important plan to keep in place, one that helps organizations and security incident response teams (SIRTs) stay well prepared and organized for handling security incidents effectively.
 
Security Incident Response Plan:
 
Usually referred to as the SIRP, this is a plan developed, reviewed and implemented by the security in-charge to handle security incidents.
 
At a high level, the SIRP should include:
1. Security Incident Response Plan Policy
2. Security Incident Response Plan Testing Procedure
 
It is commonly known that with a well-defined, published and acknowledged policy, it is hard for an employee to deny wrongdoing when you hold signed papers showing they reviewed the existing policies.
 
So let's start with the policy.
 
Security Incident Response Plan

The following section is not uniform and may differ from organization to organization based on their own format for drafting policies.
 
  • Executive Statement
  • Purpose
  • Scope
  • Cancellation or Expiration
  • Roles & Responsibilities
The SIRP policy should include, but is not limited to:
 
  • Service or Product description
  • Contact Information (contact information for dedicated team members to be available during business / non-business hours should an incident occur and escalation be required)
  • Triage
  • Identified Mitigations & Testing
  • Mitigation & Remediation Timelines
The SIRP policy must also reference the documents below:
 
  • Security Incident Response Plan & Testing Procedure
  • Security Incident Identification & Severity
Conclusion:
 
In this article we covered the importance of security incident handling and how to start with the policy document. I will soon publish part 2 in this series of SIRP articles, which will give insight into preparing the SIRP Testing Procedure, the actual plan for preparing security teams and carrying out the SIRP test.
In today's era, technology is changing at a great pace. Most organizations are looking to reduce their workload by moving their day-to-day applications to the cloud under what is well known as the "Software-as-a-Service" (SaaS) model.

SaaS plays a crucial role in helping organizations focus on their core business rather than on developing, implementing and managing the infrastructure required for their day-to-day business applications. On the other hand, it is becoming challenging and questionable for them how far to trust SaaS providers with business data that is processed and stored outside their own environments.

With that said, as a key player in today's SaaS model you need to gain trust within the market; if organizations do trust you, you can become the go-to SaaS provider in your sector for all companies, from small and medium businesses up to the enterprise sector.

This will significantly increase your potential in the market and boost your business by attracting and adding more customers.

One advantage of these certifications is that, as a SaaS provider, you can spare customers who have vendor audit requirements from performing regular audits on you, since they can use a carve-out methodology to rely on your SOC reports or ISO 27001 certification.


What’s SOC?

SOC 2 Is All About Trust

SOC 2 was set up to define the criteria for how external SaaS companies should manage their customers' data. It uses 5 Trust Principles set out by the AICPA so that companies know whether the SaaS provider can be trusted. An independent third party audits the SaaS provider and generates a report for it, showing that it does what it says. The 5 Trust Principles are:

1. Security: The system is protected against unauthorized access.

2. Availability: The system is available for operation and use as committed or agreed.

3. Processing Integrity: System processing is complete, accurate, timely, and authorized.

4. Confidentiality: Information designated as confidential is protected as committed or agreed.

5. Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA and CICA (Canadian Institute of Chartered Accountants).

What's ISO 27001?

ISO/IEC 27001 is the best-known standard in its family of standards, providing requirements for an information security management system (ISMS).

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties (customers).

Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.

Conclusion:


Gear up to learn about and adopt certifications that will strengthen customers' trust in your SaaS deliverables. To know more, contact info@netsoftmate.com.