Telecoms Network Security AuditTelecoms Network Security involves the protection of core telecoms networks and systems, along with associated supporting IT platforms. While many Communication Service Providers protect different core network elements or IT systems, very few have a dedicated resource responsible for end-to-end network security. Security management is often fragmented throughout the organisation leading to increased risk. Procuring state-of-the-art security systems does not solve the issue, as many operators have learnt to their cost.

An independent, specialist and balanced view of network security mana-gement is a critical exercise that will determine risk status. It provides

confidence in knowing business critical network systems and installations will be secured and security management maximized.

Præsidium is technically expert in a wide range of communications technologies, including Next Generation telecom networks using IP technology. When undertaking a network security project, Præsidium first identifies the types of security risks prevalent, then analyses and determines their impact on the network operations as well as the business as a whole.

TestimonialAfrican Mobile Operator – Telecoms Network Security Audit

“Præsidium showed high levels of professionalism and the consultants’ vast industry knowledge and experience were clearly evidenced. The report was delivered on time and I found it very comprehensive with good drill-down detail. Præsidium delivered beyond what was expected.”

www.praesidium.com

Why Præsidium?Præsidium is a Global Business Assurance consultancy. Founded in 1997, the company has successfully provided risk management consultancy to more than 100 Communication Service Providers in over 80 countries on 6 continents. Præsidium has gained solid recognition in the market amongst its substantial customer base and among global standards agencies. These include the GSMA Security Group & Fraud Forum, the Telemanagement Forum and ETSI.

• Providing an independent and unbiased opinion of the position on Fraud Management.

• Covering key elements of people, processes and tools used for Fraud Management.

• Delivering gap analysis that details the current position, risks identified and industry benchmarking.

Telecoms Network Security Audit

Description

Benefit

Deliverable

Timescales

Technical security audit of the main core telecoms network and/or NGN. This will include:

• Review of security settings around key network elements (HLR/AUC, MSC, IN, GGSN/SGSN, SS7 etc).

• Security review of interfaces with VAS and OSS/BSS elements.

• Identifying potential security risks and likelihood of impact/severity.

• Review of network segregation.

• Encryption & ciphering standards.

• Organisational review of security strategy and management.

• Security incident reporting & escalation practices.

• Review of tools used to support security implementation.

Præsidium will assess the overall level of security standards in place relating to the confidentiality, integrity and availability of corporate and customer data across the telecoms network.

• Executive report covering observations together with corrective recommendations and actions required.

• Optional network penetration and vulnerability testing.

• Executive management presentation of high-level findings and agreed way forward.

Approximately 4-6 weeks (2 consultants onsite and offsite).

• Independent and expert perspective of current telecoms security threats and vulnerabilities.

• Identify security risks that occur in complex telcos and provide best practice security recommendations.

• Based on best practice industry standards such as GSMA, ISO & ITU.

Præsidium’s ‘Telecoms Network Security Audit’ provides CSPs with significant expertise and knowledge to enable the implementation of effective and practical business and technical controls to reduce risk.

PortugalEdifício Picoas PlazaRua do Viriato, 13E núcleo 6 - 4º andar1050-233 LisbonTel: + 351 210 111 400Fax: + 351 210 111 401

BrazilTorre Rio Sul, Rua Lauro Muller 116;27º Andar – Sala 2701CEP: 22299-900 BotafogoRio de JaneiroTel: +55 21 2543-5419Fax: +55 21 2543-5419

SpainEdifício Cuzco IVPaseo de la Castellana, 141 8ª planta28046 MadridTel: + 34 91 572 6400Fax: + 34 91 572 6641

IrelandMaple House,Temple Road, Blackrock,Co. DublinTel: + 353 (0)1 400 3900Fax: + 353 (0)1 400 3901

United KingdomDavidson House, Forbury Square, Reading, RG1 3EU,Tel: +44 118 900 1054Fax: +44 118 900 1055

www.praesidium.cominfo@praesidium.com

DIGIT©

Præsidium uses its proven DIGIT© (Dynamic Information Gathering Interviewing Technique) methodology during the review process with key managers and staff. Employees at various levels of management have different perceptions of what should and actually happens in any given working practice. Management may believe policies & procedures are being followed, but in reality, these may be bypassed due to the following reasons:

Non-compliance

No policy mandate

Insufficient skills levels or training

Work overload and time pressures

Poor supervision or guidance

Employee complacency

Lack of awareness of overall risk strategy

DIGIT© essentially uncovers the reality of working practices & compliance – the true position. It highlights weaknesses that may result in risk exposure and ensures that accurate information is recorded to enable effective and pragmatic recommendations to be provided.