Download practice

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts

Cracking of wireless networks wikipedia, lookup

Distributed firewall wikipedia, lookup

Wireless security wikipedia, lookup

Computer security wikipedia, lookup

Network tap wikipedia, lookup

Deep packet inspection wikipedia, lookup

Security-focused operating system wikipedia, lookup

Citizen Lab wikipedia, lookup

Hacker wikipedia, lookup

Cybercrime countermeasures wikipedia, lookup

Mobile security wikipedia, lookup

Computer and network surveillance wikipedia, lookup

Cyber-security regulation wikipedia, lookup

Cyberwarfare wikipedia, lookup

International cybercrime wikipedia, lookup

Cyberattack wikipedia, lookup

Cyberterrorism wikipedia, lookup

Transcript
Regional Telecommunications
Workshop on FMRANS 2015
Presentation
ISSUES TO BE COVERED IN
THE DISCUSSION
 Fraud management and Revenue Assurance
o Our Understanding of the subject matter
o The Practice
o Case studies
o Lessons
 Cyber Security
o Our Understanding of the subject matter
o The Practice
o The environment
o Lessons Learnt
ISSUES TO BE COVERED IN
THE DISCUSSION Cont.…
 Network Security
o Our Understanding of the subject matter
o The Practice
o Case studies
o Lessons
REVENUE ASSURANCE OUR
UNDERSTANDING
REVENUE ASSURANCE:Is the use of data quality and process improvement
methods to improve profits, revenues and cash
flows without influencing demand
KEY ISSUES
 Use of data quality (Data gathering becomes an
issue)
 Process Improvement (Value chain)
 Aimed at improving profits, Revenue and Cash
flows
 Without influencing Demand
TOOLS, HARDWARE AND
SOFTWARE CONFIGURATION
 Fraud Management system.
• IPProbes connected to the IP network (near real-time)
• IProbes- connected to the SS7 for real-time monitoring of
PSTN (near-real-time)

o
o
o
Audit Analysis tools
ACL Analytics
IDEA Analytics
Excel platform for following up on trends and patterns.
FMS IN PRACTICE/ TOOLS, HARDWARE AND
SOFTWARE CONFIGURATION
 Collision and Velocity Rules (To monitor time and space
inconsistences for the Wireless Voice network e.g.
CDMA)
 Behaviour Analysis Rules- to monitor radical changes in
usage profile
 Profile Rules to monitor “under the radar attacks” that
occur over time
 Real-time Rules to monitor calls as they occur (e.g.
monitoring fast and furious frauds)
 Multi-Service Rules (to monitor voice, ADSL on one
subscriber)
 New Subscribers Rules- to monitor behaviour of new
clients
FRAUD INCIDENCES/ CASE STUDIES
CASE 1: HACKING OF CUSTOMER IPBX
 With the development of technology clients regardless of
which service is engaged they are moving to IP-PBX.
 IP based PBX have shown that they are vulnerable and
susceptible to hacking considering that they are on line.
 As technology is adopted clients are not taking adopting
appropriate countermeasures with speed and this has resulted
in hacking taking place.
 The attacks are then picked through everyday profiling
activities done for traffic directed to hot destinations.
 The responsibility to ensure that last mile equipment
connected is safe and free from any cyber vulnerabilities rests
with clients who in most cases engage 3rd parties for
installations.
Fraud Reporting
There is a robust whistle blowing facility
rewarding up to $2500 for major proved issues;
There is a Revenue Assurance Unit continuously
profiling possible fraudulent activities;
There is a Forensic Services unit following up on
areas of high fraud risks; and
Periodic Internal Audit Reviews
REPORTING GOVERNANCE
All
incidents
investigated
are
then
communicated to the Board through the Audit
Committee of the board with clear action
plans.
RESPONSE
Inbuilt risk management in the revenue
assurance field by;
 Identify each system
What can go wrong/ how can the system be
manipulated
 How do you deal with the risk/ possible risk/
opportunity.
You can then develop the rule in the system/
use other means to verify the existence of the
problem;
Come up with treatment strategies in
consultation with responsible person, then
Monitor and evaluate for effectives.
CYBER SECURITY OUR UNDERSTANDING
Cyber security refers to the technologies and processes
designed to protect computers, networks and data from
unauthorized access, vulnerabilities and attacks delivered
via the Internet by cyber criminals.
KEY ISSUES
 Technologies designed to protect computers, networks
and data
 Processes designed to protect computers, network and
data ;
 Vulnerabilities and attacks delivered via the internet.
.
CYBER SECURITY- THE ENVIRONMENT
Over the past few months there has been an
increase in cyber attacks/ online hacking
locally and internationally.
Hackers typically steal an internet/ computer
user’s information for various reasons including
to commit fraud
In Zimbabwe, an average of 12 companies per
month are subject to some form of cyber
attack with the most common type of attack
being website defacements.
PRACTICE
The following approach has been adopted in dealing with
Cyber attacks : Form part to the national team formulating cyber
security policy and laws ( Draft stage)
 Developed Cyber Security framework and Cyber
Security Response Plan.
 Carry out vulnerability assessments to ensure corrective
action is taken.
 Scan the international, Regional and National Cyber
attacks with a view to understanding the method of
operation. www.zone-h.org
 Match method of operation to our own systems to
ensure proactive action is taken.
 Awareness training to members of staff.
PRACTICE
NETWORK SECURITY ISSUES
Service uptime is affected by network
vandalism as a result of
Criminal elements
Damage by other operators as they
increase their network infrastructure.
COUNTER MEASURES
 Have installed real time alarm systems on
vulnerable route;
Established armed security reaction teams;
Continue to engage our industry counter parts
on vandalism taking place during trenching;
Have intensified the reaction strategy with
high
prosecution
success
rate
taking
advantage of the newly enacted criminal law
amendment Act that has a mandatory
sentence of 10 years.
Carrying out awareness campaigns
Lessons
IP platforms have brought new threats to
operations for operators.
Fraud cuts across networks
As organisations we are moving slowly in
building capacity to deal with new and
emerging threats.
Thank You