Swisscom security portal
Whatever its many benefits, digitisation in the virtual world also has a darker side. It harbours many dangers, many of which we may be unaware of – or even inadvertently exacerbate. To ensure that the net stays a place where curiosity doesn't cause harm to anyone, we are investing heavily in the security of our infrastructure.
Cyber crime
The biggest risks
Threat status
“There is a dark side to the net.”
Trojans, viruses, hacking, Denial of Service attacks: there are multiple players in the cyberwar, from web vandals and terrorists to intelligence services and from amateurs to organised crime organisations. They are all trying to assert their own interests in the anonymous Internet, and so are endangering the most important infrastructure in the digitised world: the net.
Philippe Vuilleumier, Head of Group Security
Defence
The three pillars of our security concept
Prevention
Awareness and information are key to staying safe online. Clear, easy-to-follow rules of conduct and organisational measures are also important, not to mention a fail-safe physical security concept using redundant systems and fit-for-purpose safeguards.
Detection
To remain continuously on the alert, as well as state-of-the-art hardware and software systems, such as firewalls or honeynets, you also need sophisticated threat intelligence to detect and identify existing or emerging menaces or hazards an early stage. Cooperation on a national and international level and excellent intuition are also essential.
Intervention
Should an attack occur, the response must be swift and efficient. The compromised systems must be isolated, secured and, if necessary, taken offline. Unfortunately, it is often impossible to identify the perpetrators or bring them to justice.
Important issues
Our commitment to security
Courses
Courses on the safe use of digital media.
Academy
Security on the move with mobile phones & tablets.
Media courses
For parents, teachers and students.
Are you well protected?
Whether you are surfing, sending e-mails, making calls or watching TV: now it's easy to protect your data, devices and loved ones with our security solutions.
Links
Downloads
- DevSecOps - dynamic, fast, effective and secure (PDF, 1 MB)
- Leitsätze zu Smart Data (PDF, 36 KB)
- Konzepte für eine IT-Security von morgen (PDF, 1 MB)
- Swisscom Security Report 2019 (PDF, 384 KB)
- Swisscom Security Report 2018 (PDF, 1 MB)
- Swisscom Security Report 2017 (PDF, 1005 KB)
- Swisscom Security Report 2015 (PDF, 497 KB)
Glossar Security
API
The Application Programming Interface enables programs to directly exchange data (machine to machine) using a common language.
APT
Advanced Persistent Threat is a complex, targeted and effective attack on critical IT infrastructures and confidential data of companies that are potential victims on account of their technological advantage. Companies can also be targeted as a springboard to the actual victims.
Architecture
Describes all static and dynamic aspects of a company’s IT. This including its infrastructure and the management thereof (configuration and capacity planning, load distribution, data backup, availability, stability, disaster response planning etc.).It also encompasses functional aspects such as the interfaces required to allow IT support for processes.
Backdoor
Software back doors are used to gain access to a computer by circumnavigating its access protection.
Big data
Generally understood to refer to the techniques for collecting and evaluating loosely structured mass data.
Botnet
A network of a large number of compromised computers that are controlled centrally by a botmaster.
BYOD
Bring your own Device refers to the concept of integrating private mobile devices with a company's network.
COBIT
Control Objectives for Information and Related Technology is an internationally recognised framework for IT governance that breaks down IT tasks into processes and control objectives. COBIT primarily defines what has to be implemented and not how the requirements should be met.
Continuity Management
In business economics, continuity management refers to the development of strategies, plans and actions to protect the activities or processes that are crucial to a company’s survival or to permit alternative workflows.
CSIRT
The Computer Security Incident Response Team describes a group of security experts who act as coordinators in the event of specific IT security incidents or focus on computer security in general, warn about security loopholes and propose solutions, and analyse malware.
CVSS
Common Vulnerability Scoring System
An open industry standard for assessing the severity of potential or actual security loopholes in IT systems.
Defacement
Website defacement is a form of vandalism in which the content of a website is changed by hackers.
DevSecOps
This compound term is used to raise the profile of security in the DevOps environment. In addition, it signals that typical DevOps principles (such as automation) also apply to security operations.
DOS
Denial of Service (DoS)
A large number of requests causes a system to crash.
DDoS
A DoS attack is launched simultaneously by several distributed systems (e.g. a botnet). It is no longer possible to simply block the attacker.
Exploit
Program, code or a series of commands used to take advantage of vulnerabilities in software.
Exploit mitigation
A general term for techniques that make it harder or impossible to abuse system vulnerabilities.
Governance
This describes the control and management system of a company or division.
GPS
Global Positioning System A global satellite navigation system used in positioning and precision timekeeping.
Honeynet
A honeynet is a system or network that is set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied. The information gained can then be used to protect real networks.
IAM
Identity and Access Management typically refers to software components used to manage identities and associated system access rights.
ICS
Industry Control System For more specific information, see SCADA.
ICT
Information and Communication Technology.
Infrastructure
This comprises all buildings, communications services (network), machines and software provided at an underlying level (infra is Latin for “below”) for the purpose of information processing.
ISF
The Information Security Forum (ISF) is an independent, not-for-profit organisation with a membership comprising many of the world’s leading companies. It focuses on the principles and concepts of IT security and provides tools
ISO 27001
This international standard, “Information technology – Security techniques – Information security management systems – Requirements” in full, specifies the requirements for establishing, introducing, operating, monitoring, maintaining and continually improving a documented information security management system, while taking the IT risks in a company into account.
ITSLB
IT Security Level Basic is a framework that describes at a technical level how an object, for example, must be configured securely.
Jamming
The deliberate disruption of radio communications.
Kill switch
Hidden software that can disrupt or shut down the functioning of a system when given the command from afar.
KPI
In business economics, Key Performance Indicators are ratios used to measure or determine the progress or degree of fulfilment of an organisation’s key objectives or critical success factors.
KSI
Common IT security indicator, used in the same way as KPIs in business economics.
Logging
Generally used in IT to refer to the (automatic) saving of process data or data changes in log files.
Malware
Software that performs damaging, unwanted functions.
Money mule
Criminals convince people to take money from “clients” and, after having taken their cut, pass it on to a money transfer service. Money mules believe they are working for a legitimate organisation.
Monitoring
A generic term for all types of immediate systematic recording (logging), observation or surveillance of an event or process by means of technical resources or other observation systems.
OSINT
Open Source Intelligence: the gathering of information exclusively from sources that are accessible to the public.
Patch
Security update: programming code that replaces defective software to eliminate security gaps.
Phishing
Refers to tricking victims into disclosing sensitive data (using e-mails containing fake instructions).
Policy
An internal guideline documented formally by a company and for which management is responsible. In IT, policies can also be seen as framework provisions for permissions and prohibitions.
Ransomware
A special type of trojan that encrypts specific data or an entire computer system, blocking access until a sum of money is paid.
RASCI
Technique for analysing and presenting responsibilities in a company. The acronym is derived from the terms Responsible, Accountable, Consulted and Informed.
REST
Representational State Transfer is a programming paradigm for distributed systems, specifically web services and machine-to-machine communication.
Risk management
Comprises all measures for the systematic identification, analysis, evaluation, monitoring and control of risks.
SCADA
Supervisory Control And Data Acquisition systems for monitoring and controlling technical processes (industrial processes for example).
SDR
Software Defined Radio: universal high-frequency emitter and receiver, which uses software to process signals that the user can adapt to different protocols and applications.
SIEM
Security Information & Event Management refers to a software or service that analyses security warnings from a network’s hardware and software components in real time.
SmartGrid
Intelligent power grid. The SmartGrid interconnects and manages electricity generation and storage, electrical appliances and energy transfer and distribution networks.
SmartHome
The overarching term for networked, partially automated energy management, entertainment and security in homes.
Social media
Websites that enable users to interact via personal profiles (e.g. Facebook, Twitter, LinkedIn, Xing).
Spear phishing
Targeted, personalised phishing attacks.
Spoofing
A type of scam where an intruder attempts to gain unauthorised access to a user's system or information by masquerading as somebody else.
Threat
In IT security, threat refers to a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
Vulnerability
A vulnerability or weak spot in hardware or software that attackers can use to gain access to a system.
Trusted Access Partner
The Trusted Access Partner certificate is awarded by Swisscom (Schweiz) AG to selected partner companies. The audited partner companies demonstrably meet the highest requirements for secure and efficient access management when providing their services to Swisscom. With the certificate, they receive extensive competence and autonomy in access management to Swisscom buildings.