Cyber Security Incident Response Plan

Introduction

The global cyber threat landscape continues to evolve and grow, and the early detection and fast response to cybersecurity incidents and data breaches become paramount to mitigate the impact on our customers, partners, stakeholders and across stc.

stc is well established as the digital transformation engine in the region providing a comprehensive suite of services encompassing digital infrastructure, cloud computing, cybersecurity, Internet of Things (IoT), artificial intelligence (AI), digital payments, digital media, and digital entertainment across the Kingdom of Saudi Arabia, the Middle East and North Africa (MENA) region, and Europe. Our critical role in providing several critical services solidifies our commitment to fostering strong cybersecurity practices. Understanding the criticality of our services, we have developed a comprehensive Cybersecurity Incident Response Plan that adheres to national regulations and international best practices. Additionally, we integrate sustainability into our cybersecurity operations to contribute positively to our ESG goals that we strive for on an annual basis.

Understanding our far-reaching Impact

Categorized as a national critical infrastructure, stc understands the far-reaching impact of cyber incidents on our customers, partners, stakeholders, and the Kingdom of Saudi Arabia as a whole. Our incident response approach ensures that we can manage any incident swiftly and effectively while minimizing disruptions and preserving the trust placed in us. We work closely with our regulators such as the Communications, Space & Technology Commission (CST) and the National Cybersecurity Authority (NCA) to ensure compliance and coordinated responses.

our Cybersecurity Capability

stc maintains robust cybersecurity capabilities that adheres to the highest international standards for cybersecurity, including ISO 27001, ISO 22301, NIST, SANS, CSA, OWASP, GSMA, ENISA which guide our comprehensive approach to incident detection, response, and recovery. Additionally, we have CREST-certified professionals for penetration testing and ethical hacking services whereby we validate the security of our systems, identify vulnerabilities, and implement remediation measures to fortify our defenses against potential cyber threats. stc is also an active member of FIRST.org (Forum of Incident Response and Security Teams), collaborating with global cybersecurity experts to share threat intelligence, best practices, and incident response strategies. Our participation in FIRST enhances our incident response readiness and supports timely mitigation of cyber incidents.

Overview of the Incident Response Program

Our Incident Response Program is structured around four core functions: Identification & Triage, Response Coordination & Guidance, Forensic Analysis, and Incident Reporting.

For detailed Incident Response Plan and Program please click here Incident Response Plan

Mobile

Home internet

Lifestyle

Devices

Loyalty

packages

Office solutions

other services

Connect

Digitize

Protect

Monitor

Loyalty

Voice & Roaming

Accesses Service

Facility Services

Capacity Services

Data Services

Cyber Security Incident Response Plan

Introduction

Understanding our far-reaching Impact

our Cybersecurity Capability

Overview of the Incident Response Program

most visited

support

group website

about stc