To ensure a consistent and effective approach to the management of information security incidents, the security incident process is integrated with the Incident Management at Schibsted process (IMAS). This ensures a quick, effective, orderly, and repeatable response to information security incidents.
Schibsted monitors systems and applications on a 24/7 basis through a Security Operations Center (SOC). If the SOC concludes that an alert is a true positive, it will escalate to the Schibsted Network Operations Center (NOC). Schibsted NOC makes sure to alert affected internal users and make sure that an incident is created under the Incident Management At Schibsted (IMAS) framework.
The IMAS framework helps teams to mitigate the incident efficiently and makes sure that all processes are followed while doing so. Included in the framework is a post-mortem section which is intended to allow teams to learn from the incident and come up with solutions that will ensure that the same type of incident doesn’t happen again.
Every employee at Schibsted has the responsibility to report potential security incidents or issues. This can be done by contacting Service Desk, NOC in case of a major security incident, or through our internal application.
Schibsted’s Crisis Management organization handles critical incidents/situations and is in place at the Schibsted level and the country level. Crisis management plans enable the Crisis teams to manage and communicate the appropriate information during a crisis efficiently. The Crisis teams have the authority and functions to be able to handle IT Security vectors connecting to physical security. A crisis does not specifically need to contain an IT Security vector. The main contact point is the Schibsted NOC, which will perform triage of the situation, and then escalate and invoke resources as required.