Wave #11: The Telco Profile

A quick start for telecommunications providers

As we discussed previously in the Community Profiles post, there is a tremendous amount of value in developing profiles for a community of interest. These profiles offer a place to aggregate, analyze, and prioritize cybersecurity outcomes for groups of organizations that have some commonality.

Over the last year, we have been working closely with small, regional providers in the communications sector. We have over 20 clients for our cybersecurity risk management work, some of them signing on to have us as their virtual CISO. With this breadth of experience comes an opportunity to apply lessons learned. Seemless Transition LLC is proud to announce we have released v1.0 of the Telco Profile!

The Telco Profile was built from standards and best practices within the telecommunications sector: CSRIC Working Group 4 Final Report, NTCA Sector Specific Guidance for Small Network Service Providers, and the CISA Cross-Sector Performance Goals. Naturally, it is resting on the bedrock of the de facto standard of the NIST CSF v2.0.

With the small providers in mind, the Telco Profile is streamlined to focus on the top 10 things these organizations should tackle first. By aggregating, analyzing, and prioritizing the key references, STLLC built the Telco Profile to be backed by industry best practice so implementing organizations know they are getting a return on their cybersecurity resources. The top 10 activities are rated “high priority” by every reference evaluated; therefore, all top 10 activities are maximizing value to the organization.

We are excited to continue working with the telecommunications sector to make the Telco Profile as responsive to the community’s needs as possible. We are excited to see what organizations can do with the Telco Profile and what tweaks they may want to make as they dig into implementation.