News
by Irfan

Security regulatory compliance for telecom operators


The DoT (Department of Telecommunications) in India has enforced the telecom operators holding license(s) to ensure that they comply to security amendment dated 31st May 2011, likewise Ofcom in UK and other nations has got regulatory compliance for telecommunication industry to adhere

The Chief Information Security Officer (CISO) plays a vital role in developing security policies. Subsequently the controls get implemented & business shall assure the continuous monitoring on the adequacy and accuracy on the effective enforcement.

One of the world’s leading authorities on global security, Marc Goodman takes readers in his book – deep into the digital underground to expose the alarming ways criminals, corporations, and even countries are using new and emerging technologies — and how this makes everyone more vulnerable than ever imagined. The role that telecommunications technology, and the Internet in particular, will play in globalization, will ensure that crimes become more transnational in scope (Foresight Directorate, 2000b)

Governments can develop policies, amendments and shall enforce it with the help of regulators. Though it’s important;telecom operators shall realize the risk and should take it in board room governance & mutually share the best practices within the industry

Essential guidance for telecom operators to meet and/or exceed the security regulatory compliance are as follows

  • Continual assessment of business critical assets. Its evaluations should be seen as a progression towards achieving an acceptable transient condition.
  • Understand risks and engage in consulting. With the introduction of new technologies, its imperative to enhance the resilience of telecom core network. Hence its crucial to engage consulting firms to perform independent audit – avoid point solution thinking
  • Plan for security budgeted road-map. To achieve risk less level of maturity, start internally first – integrate organisation wide. Temporary or fragmented solutions is an open invite to bad guys, Hence investment in security should be an ongoing commitment
  • Build your expertise. Develop skills for the resources who have access to telecom core network on key areas as threats are dynamic in nature. They should have awareness across borders on the cyber breaches, proactive detection, security incident response management, reputation losses & regulatory penalties
  • Collaboration. Establishing a collaborative platform/think-tank for cyber security inputs, discussions and deliberations, operational of security with industry peers and seeking legal cooperation with agencies

Should you wish to write feedback, please comment here