...
But security is not just a top-down approach at yasoon. It is also a shared responsibility and a core value for everyone who works with us. We make sure that our staff is aware of the importance of security and the role they play in achieving it. We provide them with regular training, feedback, and support to help them maintain and improve our security posture.
Security awareness
We ensure that all staff undergo security awareness training during the onboarding process and regularly thereafter to keep security at the forefront of their minds. Our security awareness training program covers various topics, including current threats and scams, secure working practices, behaviors that pose security risks, as well as compliance and regulatory issues. Additionally, our developers have access to specialized training on secure coding.
...
Furthermore, we maintain open communication channels between employees and the security team through Teams chat and channel announcements. This accessibility ensures that the security team is readily available to all yasoon staff.
Access management
Principle We follow the principle of least privilege, access logging (request access through ticketing)
Secure enigneering
Security Practices | Atlassianwhich means we only give staff the data access they need for their role. Staff use individual accounts (not shared ones) and multifactor authentification to access data. All accounts are connected and managed by our central AzureAD using SSO. If staff need more access, they must submit a ticket with a valid reason. Only our core management team can approve or deny these requests. We also check and remove any unnecessary accesses regularly.