Threat Management Policy
| Owner | Classification | Review Date | Status |
|---|---|---|---|
| CDO Office | Internal | April 2027 | Active |
Document Type: Policy | Owner: CISO | Classification: Confidential | Review Cycle: Annual
| Field | Detail |
|---|---|
| Document # | SP-TM-036 |
| Version | V1.0 |
| Issue Date | 09/09/2025 |
| Confidentiality Level | Class 2 (Private Data / Confidential) |
| Document Owner | Chief Technical Officer |
| Authorised By | Yassir Pasha |
Document Creation
| Field | Detail |
|---|---|
| Document # | SP-TM-036 |
| Document Title | Threat Management |
| Version | 1.0 |
| Confidentiality Level | Class 2 (Private Data / Confidential) |
| Date Created | 09/09/2025 |
| Issue Date | 09/09/2025 |
| Document Owner | Chief Technical Officer |
| Author(s) | Simpaisa |
| Purpose | To ensure that Threat Management is controlled as per process |
| Authorised By | Yassir Pasha |
Reviewed By Steering Committee
| Name | Role |
|---|---|
| Yassir Pasha | Chief Executive Officer |
| Kamil Shaikh | Chief Operating Officer |
| Osama Hashmi | Chief Financial Officer |
| Bachir Njeim | Chief Strategy and Operations Officer |
| Saqlain Raza | Acting Chief Technology Officer |
| Rizwan Zafar | Chief Product Officer |
| Ahsan Hussain | Payment Channel Partnerships |
| Danish Abdul Hameed | Chief Information Security Officer |
| Shahroze Khan | Head of International Merchant Sales and Strategic Alliances |
| Noor Ali | Country Head Pakistan |
| Shoukat Bizinjo | Global Head of Regulatory Affairs & Regulatory |
Change Control
| Version | Date of Issue | Author(s) | Brief Description of Changes | Approved By |
|---|---|---|---|---|
| V1.0 | 09/09/2025 | Simpaisa | Annual Review | Yassir Pasha |
1 Introduction
1.1 Scope
The threat management procedure applies to all Simpaisa systems, teams, tools, and stakeholders to ensure proactive, efficient, and authorised identification, assessment, and mitigation of security threats.
1.2 Purpose
This procedure ensures Simpaisa threat management practices are implemented securely and in compliance with organisational standards, safeguarding systems and ensuring operational resilience.
2 Threat Management
Threat management at Simpaisa enables proactive identification and mitigation of potential threats by integrating both external intelligence and internal data to strengthen overall security operations. Led by the Cybersecurity Manager, Simpaisa's cybersecurity team collects, analyses, and disseminates relevant threat intelligence to enhance response capabilities. This systematic approach involves several key phases, from data collection and analysis to applying threat intelligence into security controls. The third-party service provider plays a crucial role in supporting these operations by providing tools and services, including Threat Hunting and Cybersecurity Monitoring, to ensure a continuous defence posture.
The methodology follows four sequential phases: Collection → Analysis → Acting → Reporting
2.1 Threat Management Methodology
2.1.1 Phase 1: Collection
a) Gather and analyse data on emerging threats to proactively prevent potential harm and minimise the impact of any security incidents. This includes tracking new attack techniques, vulnerabilities, and malware behaviours.
b) The intelligence gathered will span three layers:
- Strategic (high-level threat landscape)
- Tactical (specific attacker methodologies)
- Operational (real-time attack details)

These layers ensure a comprehensive view of the threat environment.
c) The collected intelligence must be relevant, actionable, and contextual, helping Simpaisa make informed decisions on mitigation strategies.
d) Threat intelligence will be gathered from internal security logs, incident reports, and threat-hunting activities, along with external sources such as DataDog, Attack Metricx, and Defender Threat Intelligence Portal. The gathered threat intelligence will be processed using FortiGuard Unified Threat Protection (UTP), threat intelligence platforms, and SIEM solutions.
e) Third-party-provided Threat Hunting services (L1 & L2 availability) offer Indicators of Compromise (IOCs) that clients upload directly into their SIEM for ongoing threat detection and monitoring.
2.1.2 Phase 2: Threat Feeds Analysis
a) Threat feeds will be thoroughly analysed to identify patterns of attacker behaviour, tactics, techniques, and procedures (TTPs), which are critical for improving Simpaisa's threat detection and response capabilities.
b) Threat intelligence from FortiGuard Unified Threat Protection (UTP) will be integrated into technical security controls, including the FortiGate-200F firewall, DataDog, Defender EDR, Attack Metricx, and Patch Management systems, to enhance Simpaisa's overall defence posture. FortiGuard UTP provides real-time protection against a wide array of security threats such as malware, botnets, phishing, and other malicious activities. It updates automatically based on the latest threat intelligence, ensuring continuous protection across Simpaisa's network.
c) Actionable intelligence will be shared in clear formats that allow Simpaisa decision-makers to quickly assess and act on the findings.
d) Third-party-provided Cybersecurity Monitoring & Alerting Services (24x7) will continuously monitor the environment, providing real-time alerts and ensuring that threats are identified and mitigated promptly. This service integrates directly into Simpaisa's SIEM platform for efficient management.
2.1.3 Phase 3: Acting on Threat Feeds
a) Threat intelligence will be integrated into Simpaisa's existing security processes, including vulnerability management and risk management, to ensure a cohesive and robust defence strategy.
b) Attacker behaviour will be continuously monitored to identify any patterns or actors specifically targeting Simpaisa. This will allow the security team to adjust defences proactively, utilising tools such as the FortiGate-200F firewall and FortiGuard UTP to block or mitigate threats in real time.
c) Intelligence gathered will be shared with relevant authorities such as Attack Metricx and other trusted partners to help build a stronger collective defence against cyber threats.
d) The Cybersecurity Manager will lead this phase, ensuring that all actions are implemented effectively. The CISO will be consulted and held accountable for strategic decisions, with the Head of Technical consulted for technical expertise, while the General Manager and PMO will be updated on a monthly basis on progress and outcomes.
2.1.4 Phase 4: Reporting
a) Detailed "Threat Reports" will be prepared on a monthly basis to summarise the threats identified, actions taken, and the resulting outcomes. These reports ensure transparency and documentation of Simpaisa's cybersecurity efforts.
b) Threat intelligence and lessons learned will be shared with external organisations, industry groups, and partners to help improve collective defence and overall cybersecurity awareness across the sector.