In 2022, AT&T’s work to advance network and data security included:

• Continuing to utilize state-of-the-art security tools to detect and mitigate cyber threats to our network.
• Sharing threat intel with appropriate authorities, industry groups, vendors and peers to aid in securing the nation’s communications infrastructure.
• Gathering experts from AT&T, government, industry and across the security spectrum to share perspectives on today’s threat landscape at our 2022 AT&T Security Conference. Participants heard from top security thinkers and practitioners on the latest security innovation and implementation strategies to help bring industry security solutions to the next level.

Governance

Our information security program is designed to protect the integrity, confidentiality and availability of our network. AT&T’s Chief Security Office (CSO) maintains a global organization comprised of highly trained security professionals, with additional security specialists in other organizations across AT&T who work closely with the CSO to address department-specific issues. Our security governance structure consists of the following:

• Chief Information Security Officer: AT&T’s Chief Information Security Officer (CISO) leads our CSO in its efforts to establish policies, requirements and comprehensive programs to help build security into the fabric of every organization across the business.
• CSO: The CSO supports a broad range of functions, from security policy management to the implementation of security solutions. The team reviews and assesses our security controls to keep pace with industry developments and satisfy regulatory and business requirements. The CSO’s technical personnel work in conjunction with other AT&T departments to evaluate threats, determine protective measures, create response capabilities and assess compliance with security best practices.
• Board Oversight: The Audit Committee of the AT&T Board of Directors (Board) oversees the company’s risk management strategy, which includes cybersecurity and network defense. The Board and the Audit Committee receive updates from officers, including our CISO, on network and data security and associated risks.

can u read https://customtoolbardevelopment.com/the-dark-side-of-telegram-fakes/

Security Policies and Standards

AT&T Security Policy & Requirements

The AT&T Security Policy and Requirements (ASPR) serves as a guide and a reference point for conducting business in a secure environment and protecting AT&T information resources. ASPR is a comprehensive set of security control standards based, in part, on leading industry standards such as ISO/IEC 27001:2013.

• Application & Alignment of ASPR: ASPR applies to all employees and contractors and establishes the minimum required safeguards to protect computing and networking assets, data and services. ASPR aligns with laws and standards such as:
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53
  • European Union’s General Data Protection Regulation
  • Criminal Justice Information Services Security Policy
  • California Consumer Privacy Act
• Continuous Updates: Corporate security policies are reviewed, updated as necessary and approved by management to remain current as industry standards evolve and as circumstances require.

Certifications & Standards

In addition to ASPR, we maintain the following standards and certifications:

• Supplier Security Standards:
  • AT&T’s supplier contracts stipulate that suppliers comply with our Supplier Information Security Requirements (SISR). SISR applies to supplier entities when performing any action, activity or work that involves:
    • The collection, processing, storage, handling, backup and disposal of and/or access to in-scope information
    • Providing or supporting AT&T branded applications and/or services using non-AT&T information resources
    • Connectivity to AT&T’s nonpublic information resources
    • The development or customization of any software for AT&T
    • Website hosting and/or development for AT&T
  • All commercial off-the-shelf products we use must meet or exceed the AT&T Publicly Available Products and Applications Security Requirements. These security requirements are based on our network and data security policies and industry standards.
• Third-party Certifications & Audits: AT&T’s internal security controls are audited by third-party assessors on an annual basis, including the following:
  • Information Security Standard (ISO/IEC 27001)
    • AT&T maintains 2 global ISO/IEC 27001:2013 certifications. The scope of these certifications covers the AT&T global IP infrastructure and certain customer-facing managed services. To maintain the certifications, AT&T undergoes annual recertification assessments.
  • Quality Management Standard (ISO 9001)¹
    • AT&T has achieved ISO 9001:2015 certification, which demonstrates and reinforces our belief that customer satisfaction and expectations are the most important factors in the work we do. We are fully committed to a high standard and quality of work for any project we undertake.
  • AT&T also undergoes other annual third-party audits, such as those for the Payment Card Industry Data Security Standard, the Sarbanes-Oxley Act and SSAE 18/ISAE 3402.

Network Security Monitoring

AT&T uses a consistent, disciplined global process to promptly identify security incidents and threats, minimize the loss or compromise of information, and facilitate incident resolution. AT&T maintains 24/7, near-real-time security monitoring of the AT&T network for investigation, action and response to network security events. Our threat management platform and program provide near-real-time data correlation, situational awareness reporting, active incident investigation, case management, trending analysis and predictive security alerting. AT&T uses the same set of security tools to manage our global network that we use for enterprise customers.

Reviews

To uphold our security standards, AT&T performs regular analysis of our operations and applications for security compliance. These reviews may be facilitated or conducted through our CSO; by a department representative for a product, service, supplier or partner relationship; or by an internal operations team responsible for life cycle service management.

Training & Compliance

Our internal security awareness program utilizes interactive content to help our employees develop skills to protect AT&T data devices and networks. The program emphasizes personal responsibility from every person who touches the network – such as office workers, server administrators, field employees and more. Our CSO is charged with directing and coordinating security awareness and education, including developing, approving and managing all training content. Elements of this program include:

• Code of Business Conduct: AT&T’s Code of Business Conduct (Code) is the foundation for how we do business and how we treat each other and our customers. It emphasizes the need for AT&T employees to properly safeguard our customers’ private data by following laws and regulations which stipulate how the data should be managed by following network and data security standards. All AT&T employees are required to annually acknowledge their responsibility to adhere to our Code.
• Screening: We have controls in place to screen AT&T employees, contractors and suppliers. For example, we conduct background checks on the finalists for all U.S. and international employment positions², and AT&T’s Global Supply Chain organization includes background check requirements in agreements with suppliers. These requirements help to ensure that supplier personnel with physical access to AT&T and/or customer premises are properly screened and are aware of their responsibilities regarding AT&T and customer assets.
• Communications: To deliver general and targeted security awareness initiatives within AT&T, the CSO maintains an internal security awareness website and newsletter, employee- and department-specific bulletins and communications, and job aids in addition to hosting technology conferences and employee security awareness events.
• Training: All employees must take an annual security awareness training course as part of AT&T’s Corporate Compliance training. We have also developed a security-specific training program that features security subject matter experts from across the business to deliver webcasts and video productions. For example:
  • You Are the Firewall^TM promotes security awareness among employees at all AT&T locations through animated short stories, original video games with embedded security training, live game shows and International Security Awareness Week. This entertainment-based approach to the security awareness program was reviewed by industry analysts and has received the highest acclaim from the Institute for Applied Network Security.
  • In addition to annual security compliance training, we encourage employees to pursue further security training and accreditations and certifications when relevant to their roles. This training is conducted both within AT&T and through corporate training organizations, such as:
    • (ISC)², formerly known as the International Information Systems Security Certification Consortium
    • Information Systems Security Association
    • SANS Institute
    • Vendor and product-specific training and certification
    • Cybersecurity@Work employee network
• Professional Certifications: Our large population of security professionals maintains certifications and credentials such as:
  • Certified Information Systems Security Professional
  • Certified Information Systems Auditor
  • Certified Information Security Manager
  • Certified Ethical Hacker
  • Global Information Assurance Certification

Testing & Reporting

AT&T’s approach to identifying and managing cybersecurity risk is formalized in our security risk management program. Elements include:

• Risk Management Program: AT&T has a formal, documented risk management policy and program which includes risk identification, risk assessment, risk analysis and risk mitigation. This extensive program consists of vulnerability testing, compliance reviews and security audits to provide a comprehensive view of AT&T’s security risk posture.
• Evaluations: AT&T conducts regular tests and evaluations to help provide security controls and maintain the functionality of these controls in accordance with our security policy. Security status checks include:
  • Verifying system security settings and statuses and reviewing users that have security administrative or system authority
  • Testing network elements to help provide the proper level of security patches and to determine only required system processes are active
  • Validating server compliance with the AT&T Security Policy and Requirements
  • Utilizing independent third parties to help assess risk to AT&T, our network and customers and, where appropriate, our suppliers
• Vulnerability Testing: Internal authorized personnel perform vulnerability testing using industry scan tools and AT&T-developed tools to assess whether controls can be bypassed to obtain any unauthorized access. We use systemic anomaly reporting to indicate abnormal use of our systems – both customer-facing and employee-facing. When we identify vulnerabilities, we assess severity, potential impact to AT&T and its customers, and the likelihood of occurrence of the vulnerability. From that assessment, we develop and implement plans to address vulnerabilities.
• Bug Bounty Program: We also encourage and reward contributions by developers and security researchers through the AT&T Bug Bounty Program. We provide monetary rewards and/or public recognition for certain security vulnerabilities responsibly disclosed to us.

Security Innovation Strategy

The security of our customers has always been a top priority for AT&T. To protect network, data, mobility and cloud-based information resources in an era of large-scale, sophisticated attacks, we design and implement new security architectures based on the latest advances in virtualization, artificial intelligence and networking. With more than 1,000 security-related patents, we’ve been a leader in security technology for more than a century – safeguarding systems from basic voice communications to 5G.

AT&T ActiveArmor^SM brings our security expertise, resources and products under a single brand. The combination of our 24/7 network protection with built-in, patented security technology helps proactively detect and prevent threats, and our free, easy-to-use mobile security app can be used to manage spam calls, get information on data breaches and more. Together, these capabilities help safeguard our customers, their devices and their data.

Customer Solutions

We provide a variety of mechanisms for customers to take control of the security of their data, including:

• AT&T Business Solutions: Security is top-of-mind for any business, large or small. Helping protect customers’ IT infrastructure against today’s emerging threats is more important than ever. Visit AT&T Cybersecurity for more information about our solutions for business customers.
• Robocall Scam Identification & Mitigation: AT&T has established mechanisms to identify illegal robocall campaigns and help to mitigate them.
  • Through the complementary programs listed below, AT&T has blocked or labeled billions of unwanted robocalls.
    • AT&T ActiveArmor^SM automatically blocks fraud calls and labels other suspected spam calls so a wireless customer can choose to answer or not. It identifies the calls through data analytics, network intelligence and customer reports.
    • AT&T’s Global Fraud Management team works closely with the U.S. Telecom Industry Traceback Group and law enforcement to identify the source of illegal calls. This process provides necessary information to stop illegal robocall campaigns and places responsibility on service providers for traffic that originates on their networks.
    • AT&T’s Global Fraud Management organization, with assistance from the AT&T Chief Data Office, uses sophisticated algorithms to examine billions of calls each day for patterns that indicate a robocalling scheme. They investigate suspicious activity that may be illegal, relying on human fraud expertise before blocking.
  • Implementation of the caller ID authentication standard known as STIR/SHAKEN remains a top priority for AT&T, and we have deployed it across our IP networks. We have filed comments with the Federal Communications Commission (FCC) detailing our progress on this front and offering our support as the FCC addresses the complex details of implementation. We also supported the TRACED Act, which codified implementation requirements.
  • We work to protect our customers from abusive, illegal and unwanted text messages – including patented, automated scanning and filtering. Customers can help by forwarding suspicious text messages to 7726 (SPAM) so we can investigate them. iOS and Android messaging apps now also feature newer, simpler ways to forward these messages to us.
• Opt-Out Options: Customers have the ability to manage how they want to be contacted by AT&T, including opting out of telemarketing calls and emails. When building marketing campaigns, AT&T honors a customer’s request to be added to AT&T’s internal Do Not Call list – in addition to the Federal Trade Commission’s National Do Not Call list and various state Do Not Call lists, as appropriate. For more information, visit the National Do Not Call Registry.

For more information on how to report and guard against fraud or security issues, please visit our Fraud & Security Resources website.

if u intrested https://customtoolbardevelopment.com/top-software-stocks-to-buy-in-2024-a-comprehensive-guide/

Customer Awareness & Education

Educating customers on proper security measures is the best line of defense. As more devices connect to the internet, customer education becomes even more important. AT&T Cyber Aware is a resource designed to empower and educate customers about fraud protection and cybersecurity. The Cyber Aware website explains in simple terms how many scams work, ways to recognize them and steps customers can take to protect themselves. The website offers information and alerts on security and privacy topics and is available to everyone – not just AT&T customers.

Stakeholder Engagement

AT&T is proud to be a leader and a participant in many industry and academic organizations – both to help set standards and to keep pace with industry developments. Our engagement on network and data security includes:

• Employee Participation: Our employees participate in several U.S. and international security organizations, such as:
  • Forum of Incident Response and Security Teams
  • Internet Engineering Task Force
  • U.S. Telecom and Cellular Telecommunications Industry Association Cybersecurity Working Group
  • National Cyber-Forensics and Training Alliance
• Government Collaboration: AT&T participates in the U.S. government’s critical infrastructure protection partnership process, collaborating with several agencies to protect U.S. communications networks and critical infrastructure. Agencies include:
  • Cybersecurity and Infrastructure Security Agency, National Coordinating Center for Communications and Joint Cyber Defense Collaborative at the U.S. Department of Homeland Security
  • National Security Telecommunications Advisory Committee, a federal advisory council to the president of the United States on issues of national security and emergency preparedness
  • Enduring Security Framework, a public-private partnership between industry and various federal agencies intended to improve cybersecurity
  • National Security Agency Cybersecurity Collaboration Center, an engagement hub that harnesses the power of industry partnerships to prevent and eradicate foreign cyber threats to National Security Systems, the Department of Defense and the Defense Industrial Base
• AT&T Cybersecurity Conference: We gathered experts from AT&T, government, industry and across the security spectrum to share perspectives on today’s threat landscape at the 2022 AT&T Security Conference. Participants heard from top security thinkers and practitioners on the latest security innovation and implementation strategies to help bring industry security solutions to the next level.

For more information on our stakeholder engagement and our perspective on cybersecurity policy news, visit AT&T Connects.

AT&T will continue to enhance the security of our network through the following efforts:

• We are working on quantum safe encryption through increasing awareness and obtaining support for quantum encryption within AT&T; collaborating with NIST, Quantum Consortium Enabling the Quantum Ecosystem and Alliance for Telecommunications Industry Solutions on Next Gen Cybersecurity Standards; and automatically changing algorithms when they are found to be vulnerable. We are also conducting a quantum risk analysis to evaluate which AT&T assets would be susceptible to a quantum attack.
• We are evolving our security ecosystem from perimeter-based architecture to zero trust controls. The main concept behind the zero trust security model is to always verify a network or user. Devices should not be trusted by default, even if they are connected to a permissioned network, such as a corporate LAN, or were previously verified. By implementing zero trust controls, we are ensuring that only appropriate contacts are able to access the network.

if u want more informationhttps://sustainability.att.com/priority-topics/network-data-security