For telecom operators, a high degree of informatization is the foundation of every business, management and operations activity in the enterprise. The state has issued a large body of information security laws and regulations, and the Ministry of Information Industry has tied security to business licensing, so as this work deepens the requirements placed on telecom operators will only grow. At the same time, new regulatory requirements enforced by overseas governments and capital markets, such as the Sarbanes-Oxley Act, require operators to comply further with security control requirements.
Looking across the telecom market, the major operators are all "transforming" in search of a new blue ocean. IT and telecommunications are rapidly converging into ICT; IT has injected new vitality into the traditional communications industry, but it has also brought a host of security problems. Whether these problems are solved has become both the key to opening a gap between an operator and its competitors and a new point of business growth. In this context, the major operators need to establish a sound information security management system (ISMS), pass internationally recognized security certification, and then continuously consolidate and improve it, in order to win the trust of customers at home and abroad and of the international capital market, and so safeguard the sustainable and healthy development of the company.
Relevant international standards and laws
An important basis for establishing an information security management system (ISMS) is the BS 7799 standard, which ISO adopted as two documents: ISO 17799, "Code of Practice for Information Security Management", and ISO 27001, "Information Security Management Systems: Requirements". ISO 17799 is the guideline for establishing and implementing an information security management system; ISO 27001 is the standard against which an information security management system is audited. Obtaining ISO 27001 certification is the mark of an enterprise with a sound information security management system.
The ISO 27001 standard details the requirements for establishing, implementing and maintaining an information security management system, and specifies the risk assessment approach the implementing organization must follow. Its core is the PDCA (plan-do-check-act) model.
The Sarbanes-Oxley Act (SOX), another rule with international reach, was enacted by the US Congress in 2002. A landmark law aimed at eliminating corporate financial fraud and malpractice, it applies to all companies listed in the United States.
The part of SOX with the greatest impact is Section 404, which stipulates that company management is responsible for the effectiveness and accuracy of internal controls and financial accounting statements, and that the company must engage an external auditor to independently audit its internal controls and financial statements and issue an opinion on them.
The core requirement of SOX is to reduce risk and improve internal control. Because the operation of a modern enterprise relies increasingly on IT systems, IT controls have become an important part of enterprise internal control. SOX requires CEOs and CFOs to demonstrate that their companies have appropriate internal controls; if the systems that maintain financial data are not secure, senior management cannot vouch for the validity of that data or for the reliability of its internal controls. Internal control has therefore become a legal requirement that extends to IT.
ISO 17799/27001, together with the COBIT standard and the COSO framework that define the information governance process, complement the Section 404 requirements of the Sarbanes-Oxley Act relating to security and internal audit.
Venus Chen security certification and consulting service solution
Venus Chen actively draws on ISO 17799/27001 and COBIT to provide customers with security certification and consulting services that ultimately satisfy the requirements of SOX. At the same time, we recognize that the real purpose of security certification is not merely to obtain a certificate, but to build a practical network and business security system that helps operators win more users, especially high-end international users and investment, and on that basis to turn the SOX internal audit into concrete operations, build an excellent operations and maintenance team, and drive greater economic efficiency.
It should be recognized that security management has three levels: macro, meso and micro. ISO 27001 defines the macro level, the planning of the security management system, well, but the meso-level adjustment and in particular the micro-level implementation are left to the implementing organization to work out for its own situation. In other words, ISO 27001 provides theoretical guidance from the macro perspective. Implementing ISO 27001 must therefore start from the operator's core business and proceed to the micro level and its implementation.
Venus Chen provides operators with a three-dimensional ISO 27001 defense system covering macro-level planning and monitoring, meso-level integration and consolidation, and micro-level technical implementation. At each level it provides in-depth assessment services, emergency response services, technical training and technical support, so that ISO 27001 certification genuinely reaches the operator's day-to-day security work at the level of technology, tools, platforms, processes and regulations.
Benefits
Beyond obtaining the certificate, the service implements and consolidates the results of security certification, including:
Developing practical and operable security regulations and security policies;
Implementing a network security optimization program;
Carrying out in-depth security assessment and submitting hardening recommendations for the system;
Providing telecommunications-grade emergency response services;
Providing professional security management and security technology training;
Implementing comprehensive security monitoring.