Meta navigation

  • A secure network for
    a secure Switzerland

Swisscom security portal

Whatever its many benefits, digitisation in the virtual world also has a darker side. It harbours many dangers, many of which we may be unaware of – or even inadvertently exacerbate. To ensure that the net stays a place where curiosity doesn't cause harm to anyone, we are investing heavily in the security of our infrastructure.


Cyber crime

The biggest risks


Spam

Phishing

Hacking

Virus

Trojans

DDoS

Social engineering

E-commerce fraud

Other

Threat status

“There is a dark side to the net.”

Trojans, viruses, hacking, Denial of Service attacks: there are multiple players in the cyberwar, from web vandals and terrorists to intelligence services and from amateurs to organised crime organisations. They are all trying to assert their own interests in the anonymous Internet, and so are endangering the most important infrastructure in the digitised world: the net.

Philippe Vuilleumier, Head of Group Security

Defence

The three pillars of our security concept

Prevention

Awareness and information are key to staying safe online. Clear, easy-to-follow rules of conduct and organisational measures are also important, not to mention a fail-safe physical security concept using redundant systems and fit-for-purpose safeguards.

Detection

To remain continuously on the alert, as well as state-of-the-art hardware and software systems, such as firewalls or honeynets, you also need sophisticated threat intelligence to detect and identify existing or emerging menaces or hazards an early stage. Cooperation on a national and international level and excellent intuition are also essential.

Intervention

Should an attack occur, the response must be swift and efficient. The compromised systems must be isolated, secured and, if necessary, taken offline. Unfortunately, it is often impossible to identify the perpetrators or bring them to justice.

Important issues

Our commitment to security



Shopping

Telephony

Banking

E-mail / SMS

Security

Courses

Courses on the safe use of digital media.



Academy

Security on the move with mobile phones & tablets.


Media courses

For parents, teachers and students.


Security products

Select, check and fix: our security products ensure comprehensive protection for all your devices connected to the Internet.



My Service

Our My Service experts secure your computer.

Internet Security

Free for 1 year: our award-winning security solution for all your devices.

Help programs

Check your computer with our free help programs.

Support

Online help for faults and problems with the Internet and e-mails.


Glossar Security


API

The Application Programming Interface enables programs to directly exchange data (machine to machine) using a common language.




APT

Advanced Persistent Threat is a complex, targeted and effective attack on critical IT infrastructures and confidential data of companies that are potential victims on account of their technological advantage. Companies can also be targeted as a springboard to the actual victims.




Architecture

Describes all static and dynamic aspects of a company’s IT. This including its infrastructure and the management thereof (configuration and capacity planning, load distribution, data backup, availability, stability, disaster response planning etc.).It also encompasses functional aspects such as the interfaces required to allow IT support for processes.




Backdoor

Software back doors are used to gain access to a computer by circumnavigating its access protection.




Big data

Generally understood to refer to the techniques for collecting and evaluating loosely structured mass data.




Botnet

A network of a large number of compromised computers that are controlled centrally by a botmaster.




BYOD

Bring your own Device refers to the concept of integrating private mobile devices with a company's network.




COBIT

Control Objectives for Information and Related Technology is an internationally recognised framework for IT governance that breaks down IT tasks into processes and control objectives. COBIT primarily defines what has to be implemented and not how the requirements should be met.




Continuity Management

In business economics, continuity management refers to the development of strategies, plans and actions to protect the activities or processes that are crucial to a company’s survival or to permit alternative workflows.




CSIRT

The Computer Security Incident Response Team describes a group of security experts who act as coordinators in the event of specific IT security incidents or focus on computer security in general, warn about security loopholes and propose solutions, and analyse malware.




CVSS

Common Vulnerability Scoring System
An open industry standard for assessing the severity of potential or actual security loopholes in IT systems.




Defacement

Website defacement is a form of vandalism in which the content of a website is changed by hackers.




DOS

Denial of Service (DoS)
A large number of requests causes a system to crash.




DDoS

A DoS attack is launched simultaneously by several distributed systems (e.g. a botnet). It is no longer possible to simply block the attacker.




Exploit

Program, code or a series of commands used to take advantage of vulnerabilities in software.




Exploit mitigation

A general term for techniques that make it harder or impossible to abuse system vulnerabilities.




Governance

This describes the control and management system of a company or division.




GPS

Global Positioning System A global satellite navigation system used in positioning and precision timekeeping.




Honeynet

A honeynet is a system or network that is set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied. The information gained can then be used to protect real networks.




IAM

Identity and Access Management typically refers to software components used to manage identities and associated system access rights.




ICS

Industry Control System For more specific information, see SCADA.




ICT

Information and Communication Technology.




Infrastructure

This comprises all buildings, communications services (network), machines and software provided at an underlying level (infra is Latin for “below”) for the purpose of information processing.




ISF

The Information Security Forum (ISF) is an independent, not-for-profit organisation with a membership comprising many of the world’s leading companies. It focuses on the principles and concepts of IT security and provides tools




ISO 27001

This international standard, “Information technology – Security techniques – Information security management systems – Requirements” in full, specifies the requirements for establishing, introducing, operating, monitoring, maintaining and continually improving a documented information security management system, while taking the IT risks in a company into account.




ITSLB

IT Security Level Basic is a framework that describes at a technical level how an object, for example, must be configured securely.




Jamming

The deliberate disruption of radio communications.




Kill switch

Hidden software that can disrupt or shut down the functioning of a system when given the command from afar.




KPI

In business economics, Key Performance Indicators are ratios used to measure or determine the progress or degree of fulfilment of an organisation’s key objectives or critical success factors.




KSI

Common IT security indicator, used in the same way as KPIs in business economics.




Logging

Generally used in IT to refer to the (automatic) saving of process data or data changes in log files.




Malware

Software that performs damaging, unwanted functions.




Money mule

Criminals convince people to take money from “clients” and, after having taken their cut, pass it on to a money transfer service. Money mules believe they are working for a legitimate organisation.




Monitoring

A generic term for all types of immediate systematic recording (logging), observation or surveillance of an event or process by means of technical resources or other observation systems.




OSINT

Open Source Intelligence: the gathering of information exclusively from sources that are accessible to the public.




Patch

Security update: programming code that replaces defective software to eliminate security gaps.




Phishing

Refers to tricking victims into disclosing sensitive data (using e-mails containing fake instructions).




Policy

An internal guideline documented formally by a company and for which management is responsible. In IT, policies can also be seen as framework provisions for permissions and prohibitions.




Ransomware

A special type of trojan that encrypts specific data or an entire computer system, blocking access until a sum of money is paid.




RASCI

Technique for analysing and presenting responsibilities in a company. The acronym is derived from the terms Responsible, Accountable, Consulted and Informed.




REST

Representational State Transfer is a programming paradigm for distributed systems, specifically web services and machine-to-machine communication.




Risk management

Comprises all measures for the systematic identification, analysis, evaluation, monitoring and control of risks.




SCADA

Supervisory Control And Data Acquisition systems for monitoring and controlling technical processes (industrial processes for example).




SDR

Software Defined Radio: universal high-frequency emitter and receiver, which uses software to process signals that the user can adapt to different protocols and applications.




SIEM

Security Information & Event Management refers to a software or service that analyses security warnings from a network’s hardware and software components in real time.




SmartGrid

Intelligent power grid. The SmartGrid interconnects and manages electricity generation and storage, electrical appliances and energy transfer and distribution networks.




SmartHome

The overarching term for networked, partially automated energy management, entertainment and security in homes.




Social media

Websites that enable users to interact via personal profiles (e.g. Facebook, Twitter, LinkedIn, Xing).




Spear phishing

Targeted, personalised phishing attacks.




Spoofing

A type of scam where an intruder attempts to gain unauthorised access to a user's system or information by masquerading as somebody else.




Threat

In IT security, threat refers to a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.




Vulnerability

A vulnerability or weak spot in hardware or software that attackers can use to gain access to a system.