Introducing the ZEALS IDSS, a security strategy framework for the technology department at ZEALS

Yi Zhou
The Zeals Tech Blog
Dec 23, 2021

Hi, everyone, I hope you are doing great. My name is Yi Zhou, and I work as a VP at ZEALS, a pioneer company focused on chat-commerce in Japan.

I have several responsibilities in this company. Creating a security strategy is one of my responsibilities. Today I will introduce the ZEALS IDSS, a security strategy framework for the technology department of ZEALS.

What’s the ZEALS IDSS?

The ZEALS IDSS is an abbreviation of ZEALS Information/Data Security Standard, which is a security strategy framework designed by the technology department of ZEALS as a compass to guide our security policy and security countermeasures.

The ZEALS IDSS image:

Why do we need the ZEALS IDSS?

The following are the primary points that motivated us to design ZEALS’s own security strategy.

  1. ZEALS’s business is expanding dramatically, so we need higher security for our products and services.
  2. Along with the growth of the business, ZEALS is becoming more and more famous, which makes it an easier target for external attacks.
  3. ZEALS’s products and services are becoming larger in scale and more complicated, so we need a standard to standardize the design and development process from the strategy level.
  4. ZEALS’s technology department is getting bigger and bigger, so we need to improve and strengthen our employees’ security mindset.

All of these motivated us to design and implement our own security standards to protect our business.

What’s the objective of the ZEALS IDSS?

Simply put, the objective of the ZEALS IDSS is to ensure/protect the continuity of ZEALS’s business from 2 sides: Confidentiality and Integrity.

The core dimensions for the ZEALS IDSS

We have designed 3 core dimensions for the ZEALS IDSS:

  1. Governance: Focus on the rules, policies, risk management, and security coaching.
  2. Prevent: Avoiding/preventing security risks from a technical perspective, including infrastructure and application.
  3. Detect & Respond: Focus on the monitoring and handling workflows related to security risks.

The multi-layer protection image of the ZEALS IDSS:

What are the primary functions of the ZEALS IDSS?

  1. Creating safer systems
  • Building the SBD (Security By Design) system, including the planning, design, coding, and QA processes
  • Building the required measures/team to promote the SBD

  2. Realizing a security-minded management strategy
  • Building the evaluation system to evaluate the security measures (including creating the business guideline)
  • Developing talent and building the system to ensure smooth communication between the board members and on-site staff

  3. Improving the security-related environment
  • Establishing and implementing effective security audit measures
  • Monitoring the latest trends in security-related international standards
  • Building the system to continually improve our security operations

How to build and implement the ZEALS IDSS?

We plan to use 4 steps to build and implement the ZEALS IDSS.

  1. Preparation (Organizing the goal)
  • Collecting security frameworks to define our own security standard.
  • Building our security strategy.
  • Defining our ideal status.
  • Defining the process to organize our security strategy.

  2. Current security assessment
  • Analyzing the current status and making clear the gap between the current status and the ideal status.
  • Identifying the issues/problems and defining the high-level tasks.

  3. Conducting the countermeasures, coaching, notifying
  • Building our team to conduct our security strategies.
  • Building our coaching system to let everyone join in this security system.

  4. PDCA cycle
  • Creating the PDCA cycle to improve our security organization and security systems.

What are the tasks of ZEALS IDSS?

  1. Level 1 tasks
  2. Level 2 tasks
  3. Level 3~4 tasks

Who will implement the ZEALS IDSS?

The above is the summary of the ZEALS IDSS.

So far, we have already conducted some tasks. We will continue to implement our ZEALS IDSS and improve it to ensure our products/services are at a high security level.
