Elisa Trust Center

Elisa Trust Center

Elisa is the market leader in Finland in mobile networks (source: Traficom), so it handles the majority of Finland's network traffic. The numbers grow year on year, and they help to illustrate the critical role that digital information has these days.

Our goal is to protect society’s most crucial functions, telecommunications connections and data and to ensure that they keep operating. We also want to proactively block a wide range of criminal activity and scam attempts, and to develop new ways of combating the increasingly diverse threats Being able to rapidly adapt to unexpected situations is important in all circumstances.

We collaborate closely with various authorities and stakeholders so that we can provide our customers with secure, reliable connections and services. Together, we have found solutions for threats such as malicious messaging and a number of phone scam campaigns. We engage in exercises together with our customers in how to prepare for threats and recover from exceptional situations.

This Trust Center webpage gathers the most relevant aspects of our operations and describes how Elisa constructs and develops its cybersecurity operations. Our goal is to operate transparently and to construct a positive cybersecurity culture throughout society as a whole.

We would like to thank our customers and stakeholders for their cooperation. We hope to continue to be worthy of your trust in the future, too!

Teemu Mäkelä, Chief Information Security Officer, Elisa Corporation

A sustainable future through digitalisation

Elisa’s strategic target is to protect the digital operating environment in society. Elisa’s role is to be a critical operator for reliability of services as well as to deliver communications networks and services. Guided by our mission – a sustainable future through digitalisation – we are building together a secure operating environment and creating opportunities for all of society to develop.

Elisa’s business operations are based on the trust of our customers, the functionality of our services and the security of data. Our networks connect millions of people, homes, organisations and applications. The security of customers, networks and systems is important and a key part of what we do.

Find out more about Elisa’s approach to digital sustainability

Cyber security at Elisa

At Elisa, cyber security is based on requirements from legislation, industry regulations and our agreements with our customers and partners, as well as on the targets that Elisa sets for itself. The most important targets are the confidentiality of information and ensuring the continuity of business operations. Information security is a vital part of all of our operations.

We implement information security through both administrative and technical measures. We utilise the Cybersecurity Framework from the US National Institute of Standards and Technology, which is widely recognised and used in the industry. The core of the framework comprises five continuous functions: Identify, Protect, Detect, Respond and Recover. Taken together, these functions provide a strategic picture of cybersecurity risk management and help in developing operations.

In our operations, we also use MITRE ATT&CK, a global knowledge base of real-world attack techniques and tactics. ATT&CK serves as the basis for developing threat models and methods.

In evaluating and developing our own cybersecurity operations, we use Kybermittari, a “cybermeter” developed by the Finnish Transport and Communications Agency’s National Cyber Security Centre. We regularly measure cyber maturity in all of our profit units, and based on the results, we produce unit-specific development plans over both the short and long term. Evaluating cyber maturity gives us a valuable point of comparison with other operators in the sector, both nationally and internationally.

Development and organisation

Elisa’s security management team is responsible for strategic steering and decision-making for Elisa’s security operations. Cyber security is part of normal business operational responsibilities, and the line organisation is responsible for implementing it. Cyber security is internalised as part of the development of business operations, processes and services. 

Elisa’s Chief Information Security Officer is responsible for leading and developing cyber security. 

The development of cyber security is steered all the way from strategy to practical measures. Elisa’s unit-specific strategy is updated every year and deals with the subsequent three years. With regard to cyber security, we follow strategic objectives derived separately from the strategy.

Targets related to cyber security are embedded in unit-specific roadmaps. During planning, we take account of identified and recognised risks affecting business operations as well as their possible effects over the next three years.

In steering everyday work, we use deployment plans derived from the strategy, strategic targets and roadmaps.

We monitor and direct how actions are implemented in Elisa’s security management team. Elisa’s Executive Board monitors the implementation of the strategy at the unit level. The goal is to be able to react rapidly and flexibly and implement the measures required in the situation.

Elisa’s Cyber Security & Service Operations Center (cSOC) is responsible for monitoring for and steering recovery from operational information security incidents in problem situations. Elisa’s cSOC experts monitor the situational picture of information security using information from a variety of sources. The experts are ready to react rapidly to changing situations.

We regularly share up-to-date and topical information about the situational picture (Cyber Security Outlook and Cyber Threat Intelligence) with our important stakeholders. This information is gathered from both external and internal sources and deals with the most critical issues for the organisation. We make use of this information in our operations at various levels in different parts of the organisation, and we share appropriate parts of it with our customers as well.

Elisa offers its corporate customers Security Operations Centre services 24/7. These services give our customers access to a broad range of expert services in various aspects of cyber security. Elisa’s services make it possible to have comprehensive monitoring in different operating environments, as well as continuously developed, secure services for long-term development and strengthening of information security. Customer organisations can take advantage of our versatile IT and network management services and complementary expert and training services. Our certified experts have received security clearances from the Finnish authorities and are Finnish citizens.


Defence in depth

Elisa constructs a multi-layered, defence-in-depth approach to comprehensively protecting itself against cyber threats. The most important aspects of this are rapid threat detection and recovery. The information security controls in use are determined based on the risks and the requirements of our stakeholders.

Development of security

As a producer of critical national infrastructure, we always design and develop our services and take them into production while taking security considerations into account. At Elisa, we follow the principle of security by design, where we take information security, the security of the service and safe use into account at every stage of development. Developers and service owners ensure built-in security, data integrity and information security.

Protecting our own operations

The responsibility for leading the response to information security threats and incidents lies with Elisa’s Cyber Security and Service Operations Center (cSOC), which monitors the functionality of Elisa services, steers the corrective measures for disturbances, and takes care of internal or external incident communications. 

Elisa has established principles and processes for managing information security incidents.

Finnish law requires network service providers to intervene in malicious network traffic and information security breaches that occur in their networks. Elisa’s Abuse team investigates notifications and directly contacts the owner of the connection or device if a device or website that the customer is using is a threat to information security.
More information about various phishing cases and scams

Elisa’s cSOC premises and Elisa’s Corporate Customers Security Operations Center premises have been audited to the Finnish authorities’ ST IV (“restricted”) level. The experts who work there are all Finnish citizens and have security clearances from the Finnish authorities. 

Awareness among employees

Due to the criticality of the business, every Elisian needs to know and be able to identify their own responsibilities and know how to act when the situation demands it. We have already worked for a long time on raising awareness, implementing operating models and providing a range of different training courses, and we will continue to use all of these measures in the coming years as well. Information and skills play critical roles in developing and improving the information security of the entire group. Training employees is one of the most effective and important ways of combatting cyber threats. In addition to compulsory basic training, we implement customised, in-depth training for a variety of target groups. 

Every year, all Elisians must complete basic training in data protection and information security. The goal is for all employees to meet the basic competence requirement and to be aware of cyber threats. Through continuous training, we ensure that Elisians recognise their own roles and responsibilities in maintaining the information security of the entire organisation, and that they know the right way to act in any abnormal situation.

Elisa introduced a training programme to help prevent phishing back in 2017 in which Elisians regularly receive simulated phishing messages. The goal is to help them recognise the typical real-world methods that scammers use to try and obtain personal information and login details. More information about raising awareness and preventing phishing is available (in Finnish) here.

As well as providing all employees with basic information and training, our goal is for all cybersecurity specialists and experts (and anybody interested in cyber security) to participate in the Elisa Cyber Community and to help develop it and its peer group activation measures. We maintain the expertise of our employees with training and certification from e.g. (ICS)2, ISACA and the SANS Institute, as well as our technology partners. Elisa employees have e.g. CISSP and CISA certifications as well as our technology partners’ own qualifications. 

Building and developing a culture of security is one of our most important annual targets. We share topical information with them transparently and openly. The aim is to convey the information in a way that is clear and easy to understand, taking the target audience into account. Our goal is to support our operations and to eliminate any atmosphere of fear or uncertainty.

Development work and collaboration

We actively share information about cyber security with stakeholders outside our organisation, and we participate in the operations of a number of associations and organisations.

Elisa collaborates closely with Finnish Traficom’s National Cyber Security Centre. We actively share our expertise and observations with the authorities and other important stakeholders.

Elisa also participates in ISP-ISAC, the shared information sharing and analysis centre for Traficom and internet service providers, where topical information and best practices are shared between the authorities and operators in the sector.

Our collaboration with different expert groups and other associations is increasing all the time. Elisa supports e.g. young white-hat hackers through the Generation Z Hack Challenge, where young people take on a number of challenges designed by experts who already have extensive experience in the field. Elisa also supports HelSec, a Helsinki-based cyber security association. Elisa also plays a significant role as a supporter and mentor of the Women4Cyber association, set up in 2021. Cooperating on bug bounty programmes makes it easier to find serious vulnerabilities in software. More than 2,500 people have signed up for Elisa’s bug bounty programme, and it identified 115 potential vulnerabilities in 2021.


Elisa takes part in exercises with a variety of stakeholder groups. Elisa also conducts a variety of  exercises with corporate customers as tabletop exercises or in person at Elisa’s or the customer’s premises. Elisa participates in e.g. the national TIETO and TAISTO exercises with operators critical to the security of supply, testing continuity management, preparation and recovery from different cybersecurity threat situations.

Purple team exercises

Elisa develops its operational reliability in terms of cyber security through continuous purple team exercises. In these exercises, the blue team “defending” Elisa cooperates with the red team conducting the “attack”, and rather than testing individual cyberattacks, both sides’ views are shared, and a variety of pre-arranged attack options are tested. The goal of these simulations is to develop our operations and expertise, and to build up our readiness to predictively solve real-world threat situations.