| As a provincial subsidiary of China Mobile, Gansu MCC manages a giant Mobile Communication Network focused on GSM Voice Service and supplemented by Data Service. The Network supports a large quantity of service and systems. Once it is attacked which leads to information leakage and falsification, it will bring immeasurable loss to individual users, corporate users and even China. In order to enhance GS MCC's control over Data Network and its ability in protecting the information on the Data Network, GS MCC conducted an assessment on the status quo of information security on its Data Network and put forward several improvement measures to solve specific problems.Based on our understanding to the international mainstream assessment methodology for information security, we adopted PDCA in ISO27001 as our main directive to guide the whole project. We also referred to SSE-CMM,ISO15408 and ISO13 when evaluating crucial factors such as risk and setting up security system, security planning, security strategy and security scenario, which provides the theoretical basis for setting up a security system for Gansu Data Network. According the criteria and relevant technical standards, we nailed down the evaluating procedures for six phases.The essence of Data Network Security Assessment is to analyze the vulnerable areas and threats with focus on Data Service and assets, and simultaneously to evaluate the status quo of system security, providing foundation for establishing improvement measures. The analysis will be conducted from aspects such as system assets of Data Network, threats that the network faces, vulnerable areas and security control measures. In this way, we can estimate the risk that the telecommunication system faces from technical point of view and management angle. Based on the results of the analysis, combined with interviews to Data Network staff as well as a technical analysis to Data Netwerk servers and network equipment configuration, we performed a comprehensive analysis over the status quo of Data Network information security. Based on the security assessment over professional networks and their applications (such as CMNet, SMS, WAP gateway, MMS, GPRS), we understand that GS Mobile Data Network mainly uses IT system and common operating system, and that it is connected to the Internet, it will inevitably face lots of security threats. Meanwhile, since GS Mobile Data Network has just started its endeavor on information security, obvious insufficiencies exist in not only process, regulations, rules but also hardware security. In order to reduce and even get rid of the security risk efficiently, we drafted from management and technical aspects a security building-up strategy that focuses on "overall planning, focal protection, focal protection and step improvement". Besides, we also put forward improvement measure that can be divided into three phases:setting up foundation for security system, perfecting security system and completing security system. In addition, different implementary plans are settled down for different improvement measures, thus strengthening information security for GS Mobile Data Network. |
PDF Full Text Request