In order to adequately respond to current and future risks related to the 5G network, a risk-based method is required:
- Risk identification: identification of assets or threats;
- Risk evaluation: identification of metrics, risk criteria and quantification of the relative risk value;
- Risk treatment: application of the strategies recommended by the Threat Vulnerability and Risk Analysis (TVRA) method, with a focus on the redesign and hardening of assets, as well as compliance with applicable security standards.
Once the risk assessment plan and the corresponding risks have been defined, the process continues with the assessment of the most appropriate security solution for each layer of the 5G architecture (endpoint, end-to-end communication, cloud & core network).
In this phase, the following activities are carried out:
- Analysis and definition of security requirements;
- Technical analysis and scouting for the security solution;
- Evaluation of the identified solution with regard to the technological and business context, in order to develop a Proof of Concept.
The implementation of the identified security solution can be managed at the Core Network or at the Edge level, ensuring active infrastructure security, as well as network and security event monitoring.
The Reply approach focuses on the scalability of the solution, ensuring operation and maintenance upstream of the delivery phase, as well as end-to-end protection at the infrastructure level.