HIGHLIGHTS

Decrease risk of financial loss due to fraud

Improve security against mobile banking exploitation

Protect subscriber privacy and confidence

Prevent and mitigate network attacks

Ensure that your network complies with GSMA guidelines on security standards

MOBILE NETWORK SECURITY AUDIT

OVERVIEW

LATRO Services employs subject matter experts in GSM security. Our team of experienced technical investigators and business professionals will work to help you understand your network’s vulnerabilities. Through LATRO’s Mobile Network Security Audit (MNSA), a process of non-intrusive

auditing, most of which is done without the need for Mobile Network Operator (MNO) technical support or

facility access, we will analyze, present and help you understand your network’s security profile. LATRO will

translate the complex technical data into clear business risk statements, enabling you and your leadership team to

make the appropriate business decisions and execute GSM-standard network security.

The information disclosed in this document is the property of LATRO Services. No portion of this material may be reproduced or transmuted in any form by any means, electronic, mechanical or otherwise, including photocopy, without advance written permission from LATRO Services.

Take the next step in understanding your current network profile’s risks and exposure. Contact LATRO Services for expert consultation on a comprehensive solution to improve your bottom line performance.

ARE YOU AT RISK?LATRO Services has answers and solutions to your questions.

• Is my GSM network susceptible to costly technical fraud attacks such as cloning and subscriber impersonation?

• Is my subscribers’ privacy at risk to eavesdropping or theft of personal information including mobile banking compromise?

• What does it mean that my network has been flagged by watchdog groups as being insecure?

• Is my network provisioned within the GSMA’s Security Group’s guidance for working practices?

• How do I confirm the statements by my technical team and consultants that the network is secure and protected from compromise?

GSMA SECURITY STANDARDSLATRO Services uses the GSMA Security Group Standards as the basis for our security profiling. During the network survey and technical security assessment, we characterize and report on a wide range of security mechanisms including:• Use of Subscriber Authentication• Use of Encryption• Use of Equipment (MS) Identification• Use of Subscriber Aliasing

The results of this technical characterization lead to a risk assessment that defines the security profile of the network. The security profile contains many dimensions; three of the critical dimensions are:• Authenticity Strength (Resilience to Impersonation)• Privacy Protection (Resilience to Interception)• Usage Anonymity (Resilience to Tracking)

MOBILE NETWORK SECURITY AUDIT

U.S.A.

Phone: +1.571.435.3129

info@latroservices.com

LATRO Services Inc.Dubai U.A.E.

Phone: +971 (0) 56 1427557

www.latroservices.com

The information disclosed in this document is the property of LATRO Services. No portion of this material may be reproduced or transmuted in any form by any means, electronic, mechanical or otherwise, including photocopy, without advance written permission from LATRO Services. REV 1: 4/12

THE MNSA PROCESS 1. Initial Network Security Profile Assessment

We conduct an initial network survey and provide a preliminary report on your network’s security profile. It’s a high value, low risk action that will enable you to answer questions about your network’s security and make a preliminary assessment of your business risk level.

2. Initial Network Security Profile ReportA report that summarizes your network security profile. We will highlight areas of significant risk and outline the business decisions needed to address the risk areas.

3. Technical ReviewWe will gather more information and complete the risk picture. Our goal is to understand why the risk areas exist and what technical options exist to eliminate or mitigate them.

4. Advanced Network Security AuditLATRO’s Root Cause Reporting (RCR) will identify conditions for the existing risk and assess the feasibility of technical mitigation options.

5. Implement Security Risk MitigationsAssess the financial and business risks and support the client through the decision making process. Our goal is to help our clients achieve a risk level that meets the business’ organizational and financial objectives.

6. Verification AuditWe will duplicate our initial work and verify that the profile has changed as expected.

PHASE 1Short Audit with Reports

• Initial Network Security Profile Assessment

• Initial Network Security Profile Report

PHASE 2Consult with Network Group

to Fix the Problem

• Technical Review• Advanced Network Security

Audit

PHASE 3On-going Audits and Verifications

• Verification Audit• Implement Security Risk

Mitigations

THE MNSA PROCESS