| Customers: Moscow collector Moscow; Housing and public utilities, service and household services Contractors: DialogNauka Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)Project date: 2018/12 - 2020/03
|
2020: End of a series of projects in the field of cybersecurity
On March 30, 2020 the DialogNauka company reported that it rendered a range of services for SUE Moskollektor in the field of personal data protection and categorization of objects of critical information infrastructure according to requirements of the Federal law of July 26, 2017 No. 187-FZ "About security of critical information infrastructure of the Russian Federation".
According to the company, DialogNauka implemented the whole complex of the projects directed to increase in level of information security SUE Moskollektor. For receiving independent and objective assessment of a current status of protection of the enterprise against threats from potential malefactors testing for penetration on models of the external and internal violator was held. The attacks directed to detection of organizational, operational and technology vulnerabilities in infrastructure SUE Moskollektor were simulated.
Based on penetration tests by consultants of DialogNauka the reports including the description of borders of audit, the used methods and means, the list of the revealed vulnerabilities and shortcomings ranged on risk level of their use by potential malefactors were prepared. The undertaken scenarios of penetration and the achieved results were described, risks assessment of cybersecurity and processes of providing Information Security of the enterprise is carried out. Also recommendations about elimination of the revealed vulnerabilities and improvement of processes of providing Information Security were submitted.
Examination and conformity assessment of processing and personal data protection according to requirements of the Federal Law "About Personal Data" was in addition conducted. Object of audit was the geographically distributed personal data information system (ISPDN) of the enterprise and organizational and administrative documentation of the enterprise for processing and personal data protection. The analysis of the internal organizational and administrative documents of the enterprise regulating an order of processing and protection of PDN was made, the PDN list is defined and subsystems ISPDN which are subject to protection the used information security tools (IST) and extents of participation of personnel in processing of PDN and also the nature of interaction with the personnel responsible for security of PDN are defined. According to the results of the project the detailed report about results of inspection was developed.
For assessment of a current status of the system of information security support (SISS) of the enterprise and formation of recommendations about further development of SOIB by consultants of DialogNauka the assessment of management processes and information security support was carried out. Within this project the independent objective assessment of the SOIB current level, the analysis of the existing processes of providing Information Security and assessment of the current level of a maturity of SOIB was carried out. The recommendations about increase in the cybersecurity level of the enterprise and achievement of the target objective of cybersecurity were in conclusion developed.
Within works on preliminary categorization of objects of critical information infrastructure SUE Moskollektor according to requirements of the Federal law of July 26, 2017 No. 187-FZ "About security of critical information infrastructure of the Russian Federation", establishment of belonging of the enterprise to subjects of critical information infrastructure and also refining of the list of objects of KII which are subject to categorization was carried out. After justification of need of assignment to objects of KII of one of categories of the importance (or confirmations of lack of need of assignment of one of such categories by it) carried out preliminary categorization of objects of KII.
 | For March, 2020 the information security is a hot topic for most the Russian companies. We are grateful to the customer for the choice of DialogNauka as the contractor of projects and we hope that our cooperation will be continued in the future. Victor Serdyuk, the CEO of JSC DialogNauka told |  |
| | IT infrastructure of the state enterprise executes the main role in ensuring continuity of processes. Therefore we with special attention approach projects in the field of information security. Based on a complex of the rendered services we obtained the comprehensive information about a current status of information security SUE Moskollektor and also on possible steps on their improvement. It is sure that it will promote in the future increase in level of information security of our enterprise. Gorokhov A. L., the Deputy CEO on security told SUE Moskollektor | |
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |