U.K. government issues telecom, mail security guidance

Published 20 September 2007

From the most sophitcated wireless communication to the old-fashioned, humble mail: Organizations are vulnerable to disruption and mischief, and the U.K. government wants to help

Here are two useful security dcouments:

The U.K. Center for the Protection of National Infrastructure (CPNI) has released a CSIRTUK advisory titled “Sources of Guidance on Security in the Telecommunications Sector.” The documents referenced in this advisory are broken down into the following nine subjects: Governance, Risk and Audit, Security Policy, External Parties and Outsourcing, Asset Management, Business Continuity Management, Compliance, Personnel Security, Physical and Environmental Security, and Information Security. CPNI accompanied the release by saying: “This guidance is focused on telecommunications in the UK, but includes documents from a number of other countries and international organisations … Some of the documents are freely available on the internet, as indicated by the hyperlinks, while the rest can be purchased from the organisations which publish them. All the documents are issued by reputable non-commercial organisations.”

CPNI has also updated its security advice on mail and deliveries. In general, the CPNI warns that “[t]errorists and others wishing to cause harm or disruption have long used postal and courier services to deliver hazardous items to target recipients.” Among the CPNI’s recommendations is that companies conduct a proper risk assessment to give a good idea of the likely threat to your organization and indicate precautions you need to take.