
Programming Information Security System Of Telecom Operator

Posted on: 2008-10-03
Degree: Master
Type: Thesis
Country: China
Candidate: C H Dong
GTID: 2178360212493936
Subject: Electronics and Communications Engineering

Abstract/Summary:
More and more units, organizations and corporations use the internet for office work, management, business, communication and cooperation. The confidentiality, integrity, availability and online communication of sensitive information are more and more important. Anyone who manages a network needs to react to viruses and hackers. As an inseparable part of the nation's basic infrastructure, the telecom network operator provides an indispensable service to the economy. Protecting it is therefore not only a requirement of the corporation itself but also an obligation in maintaining national security.

This paper describes the status and characteristics of information security at telecom network operators, analyzes how their security has been built, and points out that security construction for telecom operations has always been driven by security events and lacks proactive, quantitative, systematic analysis. Meanwhile, the methodologies of BS7799, OCTAVE, SSE-CMM and GB/Z are not adopted in construction, evaluation and management work. Combining the information security management system (ISMS) of BS7799 with a description of the telecom operator's current status, the paper gives the basic approach to building network information security for the telecom operator: cyclic construction following the PDCA model.

In the design phase of the ISMS, the characteristic of current vulnerability evaluation at telecom operators is that, because the work is carried out by vendors, the results are mostly qualitative rather than quantitative. The security of the system and how to improve it are thus basically determined by the vendors and even their products, which is to some extent subjective. This paper suggests introducing CVSS into the risk evaluation process as the basis for quantitative analysis in vulnerability evaluation. Vulnerabilities are an important factor in network security; they involve and influence many security products, such as vulnerability scanning, intrusion detection, antivirus and patch management. However, there is no unified standard in the industry. CVSS is an open and free standard developed by NIAC and maintained by FIRST. It is a new and more active method for the quantitative analysis of vulnerabilities. In addition, it is easier to align with the needs of the operator.

In the implementation phase of the ISMS, this paper considers what differentiates telecom operators from other corporations, namely the partitioning of security domains, and provides security hardening approaches that fit telecom operators. First, the security domains are delineated. Second, boundary protection is implemented. Third, security hardening is carried out. The paper sums up the problems and solutions encountered in the process.

On the management side, maintenance work is heavy and inefficient because of the huge amount of equipment in telecom operators' networks. This paper suggests that establishing a Security Operation Center (SOC) is a feasible way to improve the security of telecom operators. It describes the framework and functions of the SOC and gives an approach to building it in steps. Furthermore, it summarizes the problems that need attention in order to prevent inefficiency.
Keywords/Search Tags: BS7799, ISMS, risk evaluation, CVSS, security domain, SOC