Saturday, 19 May 2012
Making your
business happen
Core & IT network risk assessment
-
font size
decrease font size
increase font size
- Project Name
- Core & IT network risk assessment
- Client
- Leading mobile telecommunications provider
- Country
- South-eastern Europe
- Dates
- 2010–2011
- Project description
- Our customer, a mobile telecommunications network company, wished to reach the required level of information security by identifying information security-related weaknesses. The scope of the project therefore covered analysis and assessment of the company’s business operations, taking into account the user population (IT and non-IT), key business processes and key supporting infrastructure, including the company’s core network infrastructure (GSM, GPRS, ISP). The challenges were: presenting different kinds of technical risks under a common risk; assessment methodology; applying information security risk assessment methodologies to a telecommunications infrastructure; identifying the threat sources in the area under assessment which might affect the key business processes; and associating key business processes with underlying technological infrastructure.
- Solution
- A structural approach was deployed in order to fulfil our customer’s requirements. In phase 1, ‘Environment mapping’, CRI Consultants studied the company’s business processes and key supporting infrastructure to fully identify the security requirements. In phase 2, ‘Risk and vulnerability assessment’, our Consultants examined business-organisational, operational and technical levels for information security weaknesses that could potentially be exploited to attack the system. Finally, a risk assessment report was drawn up which provided recommendations for control implementation. It helped senior management, information security managers and mission owners to make decisions on policy, procedural, budget and system operational and management changes.