Your session has expired.

Your authenticated session has expired due to inactivity. You can close this message and continue as a guest or log in again before proceeding.

Your reply has been posted successfully!

Entries » Blog » The importance of the information security framework Author: Paul Hill

The importance of the information security framework Author: Paul Hill

Created Jun 30 2016, 5:00 AM by Paul Jeffs

Securing your radio communications network from cyber attacks is essential but there is a common misconception that up-to-date antivirus software and complex passwords result in complete system security. The reality is that information security is an extremely broad subject which encompasses multiple security domains. Of course, updating antivirus is a vital measure, however it is a single link in the information security chain and like any chain; it is only as strong as its weakest link.

Information security frameworks exist to ensure that every possible link in the chain is considered when implementing the appropriate security measures and controls. ISO27001 is globally recognised, risk based information security management system which covers the following areas.

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of Business Continuity Management
  • Compliance

Failure to consider each of these security domains could result in security holes within your radio network that may be targeted and exploited by potential attackers.

You do not need to look far to realise that this is a modern reality. Recent high profile cyber attacks provide us with hard evidence that failing to take a layered, holistic approach to information security can severely impact your organisation. If we examine the Target data breach in 2014, we can see that multiple issues within several of the security domains all combined to create the devastating outcome.

A phishing email was sent to a third party supplier allowing malicious software to obtain privileged user credentials. From here the attackers were able to access the main network and infect point of sales registers with software capable of capturing credit card information. In this particular example there are serious questions that could be asked within the following security domains:

Access control – Why did the third party supplier have privileged access to the main network?

Physical and environmental security – Were staff at the third party supplier trained to recognize phishing emails and act accordingly?

Physical and environmental security – How were the individuals identified at the third party supplier and were they aware of social engineering methods?

Operations security – Were the POS registers up to date with patches and antivirus signatures?

Supplier relationships – Is there confidence in the security operations implemented by suppliers?

Whilst security measures had been implemented in this instance, it is very clear that there could have been increased vigilance to answer and address these questions – a rigid security framework will prompt you to safeguard against one of the most dangerous information security threat sources…complacency! Radio communications networks along with Public safety networks as are no exclusion to this and should be subjected to the same security principles.

There are several globally recognised information security frameworks which can assist you in establishing your information security posture - ISO27001, NIST and COBIT for example. Many similarities exist between the frameworks and each one is extremely comprehensive establishing risk as the core influence. It is the risk assessment and risk treatment process in conjunction with the security domains which allows an organisation to form their security landscape.

The world of cyber security can change in a heartbeat. The rate of attacks is ever increasing as is the levels of sophistication. So much so that the security controls you implement on your network today maybe powerless to defend six months later. A commitment to a security framework ensures that you stay at the forefront of information security trends and engage in a continuous cycle of risk assessment and risk treatment. The only way to ensure that your radio communications network is armed against evolving security threats is to rinse and repeat this process.

At Motorola Solutions we can help you to form a risk posture which will safeguard you radio communications network against emerging cyber threats and trend. By guiding you through the process to adopt an information security framework, we will assess the risks which pose threats to your system and help you to implement the relevant controls to mitigate them.

Download our new white paper to learn how you can enhance your cyber resiliency - Cyber Resilience - The New Critical Mission for Public Safety

To see how we have engaged with previous customers on cyber security engagements, please take a look at our case study video:

 

Paul Hill is Security Services Delivery Lead

Paul is on LinkedIn

 

Follow #ThinkPublicSafety and @MotSolsEMEA on Twitter.