DOT Compliance on Cyber Security for the ISPs

February 28, 2019 5:19 am

In line with the DOT circular of 30-05-2011 and subsequent communications on the same subject issued by TRAI in different circles, the Minimum Baseline Security Standard (MBSS) is to be maintained by ISP/Telecom providers on an ongoing basis.

Extracts of the same mandate are enclosed below:

  • The security goals and the requisite controls to meet the defined security objectives, covering organizational setup, roles and responsibilities, guidelines, controls, training and documentation
  • Information Security policy
  • Security architecture of telecom network
  • Security Risk Management
  • Periodic assessment of the information security implementation and the adequacy of security management
  • Periodic auditing of the system (including VAPT) from the security point of view
  • User Access management, Change Management
  • Encryption to protect confidentiality, authenticity, and integrity of the information
  • Business Continuity and Disaster Recovery
  • Data Protection along with Backup, retention, and destruction policies
  • Incident Management
  • Periodic training, awareness program
  • Inventory management and classification of information assets, and the handling of those assets

Concerning the mandate, we recommend carrying out Gap Analysis, Remediation, and Certification for ISO 27001:2013 along with a proper Network Audit (VAPT) to achieve DOT compliance. The steps to comply with DOT norms are:

  • Study of existing Business Processes, Procedures & Technologies
  • Gap Analysis of Business Processes, Procedures & Technologies as per ISMS framework
  • Design and Deployment of Information Security Framework as per the ISMS framework through the Orient Team.
  • Preparation of remediation roadmap, which will suggest modification of Business Processes, Procedures & Technologies in line with Gap Analysis findings.
  • Suggest essential Security Tools & Technologies in the remediation roadmap.
  • Formation of Security Policy of the Organization.
  • Preparation of Security Manual, Business Policy, Procedures & Templates in line with ISO 27001:2013 standard.
  • Preparation for DOT Forms for submission
  • Organizing Management review & Getting above Policies & procedures approved.
  • Conducting Awareness Training of Management Team & Stake Holders
  • Vulnerability Assessment and penetration testing
  • Conducting Internal Audit in line with ISO 27001:2013 standard.
  • Certification by QSA.

Our core competency is in the consulting domain, where we perform end-to-end gap analysis, remediation, and implementation for different techniques and processes. The DOT circular indicates the importance and enforcement of VAPT, third-party risk assessment, ISO 27001 implementation, and certification.

Typical offerings under our consulting portfolio cover the following domains:

  • Gap analysis & remediation plan
  • Network Audit / VAPT (Vulnerability Assessment and Penetration Testing)
  • Web Application Security audit, Mobile App Security audit, Web Site Security audit
  • Implementation & Certification of various standards such as ISO 27001, ISO 9001, ISO 14001, OHSAS 18000, ISO 20000, etc.
  • Implementation & Certification of CMMI (Capability Maturity Model Integration) Level 3 and Level 5 processes
  • SOC2 Audit
  • GDPR Compliance
  • PCI-DSS

ANY QUERIES ON THE SAME CAN BE DIRECTED TO THE FOLLOWING TEAM:

SUDIPTA : 9433004104 | SHAMPA: 9903687873


This post was written by Prime Research Team
