Cybersecurity risk management
Key documents for cybersecurity risk management
Cybersecurity risk management is essential for mobile network operators to maintain secure infrastructures. The GSMA offers frameworks like the Mobile Threat Intelligence Framework (MoTIF) to help organisations understand how adversaries attack mobile networks. By analysing tactics, techniques, and procedures (TTPs), operators can create strategies to manage and reduce risks. Key documents on this page offer baseline security controls and threat intelligence, enabling operators to establish strong cybersecurity risk management practices.
GSMA members can access resources on security risks related to mobile technologies, vulnerability disclosures, and risk assessment frameworks. This page also features guides on identifying threats and implementing quantum-safe technology, ensuring operators stay ahead of future challenges. Using this critical information is essential for staying compliant and protecting networks and customer data from sophisticated cyber threats.
Related documents
| Document | Description | Access |
|---|---|---|
| MoTIF Framework (FS.57) | The Mobile Threat Intelligence Framework (MoTIF) is a framework to describe how adversaries attack and exploit mobile networks by presenting the tactics, techniques and procedures (TTPs) that are used. | Public  |
| Baseline Controls (FS.31) | The GSMA provides a comprehensive set of baseline security controls to help operators understand and establish a strong security posture, helping to improve network security and resilience. | Public |
| 5G Fraud (FS.39) | This guide identifies fraud risks associated with 5G technologies and services and provides recommendations to mitigate them. It is tailored for GSMA members, helping them prepare for and tackle emerging fraud challenges. | Members only |
| Security Manual (FS.30) | For GSMA members, this manual outlines key security threats to mobile networks. By highlighting evidenced risks, it enables operators to protect their infrastructure and customers more effectively. | Members only |
| Fraud Manual (FF.21) | This manual offers a detailed guide to various types of fraud affecting mobile networks. It helps GSMA members identify areas of potential fraudulent exposure and effective preventative actions. | Members only |
| 5G Security (FS.40) | This document provides a comprehensive look at 5G security developments. It provides essential information, references and insights needed to adapt to the rollout of evolving technologies. | Public |
| Coordinated Vulnerability Disclosure (FS.23) | This document describes the GSMA’s CVD programme, which enables security researchers to report security vulnerabilities. This coordinated process drives action to address discovered security weaknesses, improving overall cybersecurity levels. | Public |
| Post Quantum Telco Network Impact Assessment (PQ.01) | This report analyses the dependencies and timelines for the telecom industry’s shift to quantum-safe technologies. In addition, it outlines actionable steps that operators can take to ensure a smooth and secure transition. | Public |
| Guidelines for Quantum Risk Management for Telco (PQ.02) | By focusing on cryptanalytic risks, this document shows how to adapt traditional risk assessment frameworks for the telecom sector. For instance, it uses relevant use cases to offer operators tailored guidance. | Public |
| Post Quantum Cryptography Guidelines for Telecom Use Cases (PQ.03) | For stakeholders planning the transition toward quantum-safe cryptography, this document provides best practice guidelines. Ultimately, it supports long-term cybersecurity strategies within the telecom ecosystem. | Public |
| T-ISAC Service Offering (FS.32) | This document outlines the policy, process and functionality of the GSMA’s Telecommunication Information Sharing and Analysis Centre (T-ISAC) to facilitate the sharing of threat information in a trusted environment. | Public |
| Artificial Intelligence Security Guidelines (FS.49) | This document provides GSMA members with security guidelines that are focussed on risks related to AI technology. It also outlines mitigation measures that operators should implement to securely run AI applications. | Members only |
Please note, resources marked ‘Members only’ can only be accessed by GSMA members