Tag: TSR
-
Making sure you don’t CoP a packet – Managing third-party admins in the TSA
This is my next (albeit belated) article in my series of eight articles on the Telecoms Security Framework (TSA in common vernacular). If you’ve read “PAM in the TSA – whose definition is it anyway?” you’ll know that managing privileged access isn’t just about technology — it’s about control. In my previous article, “PAM in… Read more
-
What the CoP – Is the Cloud forecast clear for TSA?
I often liken the process of achieving compliance with the Telecommunications Security Act (TSA) as being a journey, with many crossroads and pitfalls along the way. The devil is in the detail and there is a range of myths which can lead you into a cul-de-sac. The use of public Cloud services is often a… Read more
-
Are your consultants helping you on your TSA journey?
I’ve been speaking to a range of stakeholders recently involved in the delivery of compliance regarding the Telecommunications Security Framework (also called the TSA). The overriding experience I’m hearing is one of consultancies using their existing approaches and processes without regard to the governance requirements of the framework implemented by the Telecommunications Security Code of… Read more
-
What the CoP – are you missing key supply chain measures?
Introduction I’m seeing organisations who are looking the 54 Technical Guidance Measures within the Third party supplier measures 3 section as part of their compliance journey with the Telecommunications code of practice, yet are unclear on when the measures need to be addressed because they have a indicated date of evidence as being all new… Read more
-
What the CoP? Understanding the status of the TSA code of practice
‘Big fines if you don’t comply with the TSA’ is a common mantra you’ll hear from those selling TSA compliance to providers of public electronic communications networks and services (PECN and PECS), but what part does the Telecommunications Security code of practice (code of practice) play in the wider Telecommunications Security Framework? What is the… Read more
-
Five things that could be impacting your TSA programme
It’s a new year and the first returns have been sent, but are there things that are likely to be hampering your TSA programme that you may not be aware of? In my experience of not just delivering compliance with CAS(T), HSCN but now the Telecommunications Security Framework (also called the TSA) there are five… Read more
-
PAM in the TSA, who’s definition is it anyway?
We’re now in the second half of my eight-part series in the Telecommunications Security Framework (also known as TSA/TSR), and we are now getting to the technically interesting items. PAM – what is it anyway? There’s a lot of discussion about privileged access management, and even more confusion with the term ‘PAM’. This term can… Read more
-
Governance matters in the TSA
So we are now at the half-way point in an eight part series on the Telecommunications Security Framework which is intended to allow providers of public electronics communications networks and services (PECN and PECS) to understand the key activities they need to assess to show compliance with the duties and specific security measures under law… Read more
-
Managing assets in the TSA
Asset management – it’s often hard but a necessary evil Asset management is like going to the dental hygienist, you know you really should do it, but it’s never done regularly enough to keep on top of things. It you are in Telecoms and feel this is true (go on admit it, we’re amongst friends… Read more
-
Addressing the myths in the TSA
Building on from my previous article giving an overview of the Telecommunications Security Framework, I’m now going to look at some of the myths that have arisen around the subject which need addressing to ensure that organisations and professionals alike are aligned in the level of understanding required to move forward to achieve compliance. Myth… Read more