
Major information security focus areas:

- Comprehensive information security risk assessment covering the entire organization
- Understanding and addressing legal & regulatory requirements
- Focus on information security in a holistic manner covering the telecom network, equipment and IT systems
- Strengthening internal organization security in line with changing threats and operational requirements of the business
- Third party security being part of the Information Security Framework
- Defining an operations control framework for maintaining privacy of sensitive information
- Continuous assessment of risks emerging from new technologies and defining controls to mitigate them
- Technical security audit of the main core telecoms network. This will include:
  - Review of security settings around key network elements (HLR/AUC, MSC, IN, GGSN/SGSN, SS7 etc.)
  - Security review of interfaces with VAS and OSS/BSS elements
  - Identifying potential security risks and likelihood of impact/severity
  - Review of network segregation
  - Encryption & ciphering standards
  - Organisational review of security strategy and management
  - Security incident reporting & escalation practices
  - Review of tools used to support security implementation

Security Standards for Telecom Operators

Organisation Standard/Specification | Description
ISO/IEC 27001:2005 | Specifies requirements for an Information Security Management System
ISO/IEC 27002:2005 | Specifies a code of practice for information security management based on ISO 27001
ISO/IEC 27011:2008 | ISO 27002 tailored specifically for application to telecommunications organisations, developed as a joint effort with ITU-T
15408 (The Common Criteria) | A common set of security requirements for evaluation of computer security products and systems, including telecom network components
3GPP 33-Series | Provides specifications for security standards for GSM (including GPRS and EDGE), W-CDMA and LTE (including advanced LTE) mobile systems
3GPP2 S.S0086 and others | Provides specifications for security standards for GSM (including GPRS and EDGE), W-CDMA and LTE (including advanced LTE) mobile systems
ITU-T E.408 | Provides an overview of security requirements, threat identification frameworks and guidelines for risk mitigation
ITU-T E.409 | Incident organisation and security incident handling
ITU-T X.805 | Security architecture for systems providing end-to-end communications
ITU-T X.1051 | ISMS guidelines for telecommunications, which is also referred to as ISO 27011:2008

Key implications of the amendment include:

- Network security responsibility is with the Telecom Service Provider (TSP)
- Operators to audit their network (internal/external) at the recommended periodicity
- Pre-certification of vendor network equipment/IT systems prior to insertion into the network
- Only Indian nationals shall be leading key positions in the technology function, covering the CTO, CISO and nodal executives in charge of GSMC, MSC, soft switch, central database and system administrators
- Mandated to keep records such as software details, updates and changes; operation & maintenance procedure manuals and command logs; supply chain of products
- Operators to monitor all intrusions, attacks and frauds and report the same to the licensor and to CERT-IN
- Right to vendor audit (i.e. service providers to the TSP) with DoT (or a designated agency)
- Financial penalty to be imposed per security breach
- Continuous assessment of risks emerging from new technologies and defining controls to mitigate them
