NT-ware has a comprehensive set of security measures in place to ensure we protect customer information and offer the most reliable and secure services we can. However, we also recognize that security incidents can still happen so it's just as important to have effective methods for handling them should they arise.
Our philosophy and approach
We consider a security incident to be any instance where there is an existing or impending negative impact to the confidentiality, integrity or availability of our customers' data, NT-ware data or NT-ware services. When we respond to security incidents, we continue to uphold our core values, i.e. focusing on putting the best processes in place so that we handle security incidents in a way that is always aligned with the best interests of our customers and ensures they continue to have an outstanding experience when using our products.
Within NT-ware, we have a defined approach for responding to security incidents affecting our services or infrastructure. Our incident response approach includes comprehensive logging and monitoring of our products and infrastructure to ensure we quickly detect potential incidents. Defined processes ensure there is clarity in what we need to do during an incident. This is managed by our IT and Operations team coordinating with relevant departments and internal subject matter specialists. We also have access to a range of external experts to assist us with investigating and responding as effectively as possible.
Incident response process
We've developed an incident response process which is robust and incorporates several features explained below.
We have several monitoring mechanisms in place to detect failures or anomalies within the infrastructure that may be an indicator of a potential security incident. These systems alert us immediately if an activity is detected that requires further investigation. We have an aggregated log capture and analytics platform that collates logs in a single location so our analysts can investigate quickly and thoroughly; the global NT-ware Operations team monitors this platform to ensure it is always available. In addition, we create alerts in our communication platform that notify our teams proactively.
An established framework for managing incidents quickly
To ensure our incident response process is consistent, repeatable and efficient, we have a clearly defined internal framework that covers the steps we need to take at each phase of the incident response process. We have documented, continually updated playbooks that define in detail the steps we need to take to respond effectively to different incident types. At a high level, our response framework covers:
| Severity | Description |
|----------|-------------|
| A | Critical incident with maximum impact |
| B | High incident with very high impact |
| C | Medium incident with significant impact |
| D | Minor incident with low impact |
We use a variety of indicators to determine the severity of an incident. These vary depending on the product involved but will include consideration of whether there is a total service outage (and the number of customers affected), whether core functionality is broken and whether there has been any data loss.
Every incident we experience is managed by our Chief Information Security Officer (CISO) and security team members. The most appropriate person, depending on time zone and availability, takes the lead and typically makes security related decisions, oversees the response process and allocates tasks internally to facilitate our response process.
Sometimes, we may need a helping hand from an external expert to assist us with investigating an incident. We retain the services of specialist cyber security consultants and forensic experts for instances where we may require further in-depth forensic analysis or forensic holds for e-discovery in support of litigation.
To aid in the support and management of security incidents we heavily utilize various software platforms, among other communication tools and systems, which include: