In line with the DOT circular of 30-05-2011 and subsequent communications on the same by TRAI in different circles, the Minimum Baseline Security Standard (MBSS) is to be maintained by ISPs/telecom providers on a "yesterday" basis.
Extracts of the same mandate are enclosed below:
• The Security objectives and the requisite controls to meet defined security objectives for Organizational setup, roles and responsibilities, Guidelines, Control, Training and Documentation
• Information Security policy
• Security architecture of telecom network
• Security Risk Management
• Periodic evaluation of the information security performance and effectiveness of the security management
• Periodic auditing of network (including VAPT) from security point of view
• User Access management, Change Management
• Encryption in order to protect confidentiality, authenticity and integrity of information
• Business Continuity and Disaster Recovery
• Data Protection along with Backup, retention and destruction policies
• Incident Management
• Periodic training, awareness program
• Inventory Management and classification of information assets and their handling
With respect to the mandate, it is recommended to carry out Gap Analysis, Remediation and Certification for ISO 27001:2013, along with a proper Network Audit (VAPT), in order to achieve DOT compliance. The steps to comply with DOT norms are:
• Study of existing Business Processes, Procedures & Technologies
• Gap Analysis of Business Processes, Procedures & Technologies as per ISMS framework
• Design and Deployment of Information Security Framework as per ISMS framework through the Orient Team.
• Preparation of remediation road-map, which will suggest modification of Business Processes, Procedures & Technologies in line with findings of Gap Analysis.
• Suggest essential Security Tools & Technologies in the remediation roadmap.
• Formation of Security Policy of the Organization.
• Preparation of Security Manual, Business Policy, Procedures & Templates in line with ISO 27001:2013 standard.
• Preparation of DOT forms for submission
• Organizing management review and getting the above policies and procedures approved.
• Conducting awareness training for the management team and stakeholders
• Vulnerability Assessment and penetration testing
• Conducting Internal Audit in line with ISO 27001:2013 standard.
• Certification by QSA.
Our core competency is in the consulting domain, where we perform end-to-end gap analysis, remediation and implementation for different technologies and processes. The DOT circular clearly indicates the importance and enforcement of VAPT, 3rd Party Risk Assessment, and ISO 27001 implementation and certification.
A few typical offerings under our consulting portfolio revolve around the following domains:
• Gap analysis & remediation plan,
• Network Audit / VAPT (Vulnerability Assessment and Penetration Testing),
• Web Application Security audit, Mobile App Security audit, Web Site Security audit,
• Implementation & Certification of ISO 27001, ISO 9001, ISO 14001, OHSAS 18000,
• Implementation & Certification of CMMi (Capability Maturity Model Integration) Level 3 and Level 5 process.
ANY QUERIES ON THE SAME CAN BE DIRECTED TO FOLLOWING TEAM:
BHASKAR : 9804251174 | SUDIPTA : 9433004104 | PAHARI : 9830269295 | SHAMPA: 9903687873
This post was written by Prime Research Team