Structured and Proven Process

The VeriSign® Managed Security Services process ensures that every event is handled effectively and efficiently by our security analysts. We constantly improve our policies and practices to define what we do, how we do it, and the way we document it.

Transaction-Based Process

Security-related events generate a prioritized trouble ticket queued for handling by a VeriSign information security analyst who takes ownership of the ticket through to completion. The security analyst initiates an appropriate response, which may include blocking the attack, generating a report for review on the VeriSign® Enterprise Security Portal, and contacting the client to discuss response and remediation.

Business-Focused Response

The increasing complexity of network systems and the rising sophistication and frequency of attacks requires a measured response to alerts and warnings. Responding to every threat or event is hardly feasible. Our risk-based methods factor in client data across managed security services, vulnerability awareness, industry threats, and global intelligence to help you prioritize your resources without compromising regulatory compliance.

Compliance Driven

VeriSign is safe harbor certified and meets SAS 70, Type II requirements. We base our security services methodology on internationally recognized standards of good practices and principles:

• The Information Security Forum’s (ISF) Standards of Good Practice
• ISO17799: International Organization for Standardization, Code of Practice for Information Security Management
• U.S. General Accounting Office (GAO), Executive Guide, Information Security Management: Learning From Leading Organizations
• Information Systems Audit and Control Foundation (ISACF), Control and Objectives for Information and Related Technology (COBIT)