Softline booked audit of an information security system at automobile plant "Ural"

The representative office of Softline in Chelyabinsk announced in June, 2011 project completion on an udita of information security of a corporate data network in JSC Automobile Plant AZ Ural. Upon termination of works the report with results of inspection was created and recommendations about increasing the level of security of an enterprise information system are prepared.

The automobile plant "Ural" which is a part of GAZ Group is one of the largest Russian enterprises for release of trucks. In anticipation of entry into force of requirements of Federal Law No. 152 about reduction of personal data information systems in compliance with its regulations the management of automobile works made the decision on conducting check of vulnerabilities of IT infrastructure of the enterprise "On personal data protection".

Earlier the staff of factory division on information security performed independent checks of IT infrastructure, but carrying out full-scale audit of an information security system was decided to entrust specialists. The victory in the announced closed competition was won by Softline company.

Project objective was assessment of the security level of use of information technologies at the enterprise and also securities of the personal data processed in its information systems and development of the organizational and technical actions directed to increase in level of information security.

During the course of performance the project requirements of the customer to the level of information security in the organization were designated, data on parameters of functioning of the information systems processing personal data are obtained, the organizational and regular structure and the available normative and administrative documents concerning processing and data protection is studied. On the basis of the carried-out analysis were developed and approved with the client: a set of criteria for assessment of an information security system, model of threats and the violator's model. After conducting tests specialists of Softline proposed measures for elimination of the revealed vulnerabilities and threats, prepared the closing statement with assessment of the current level of information security and overall effectiveness of IT systems of the enterprise.

"Implementation of our recommendations will allow to raise substantially degree of a maturity of information processes of the enterprise. Use of the majority of recommendations does not require additional capital costs therefore they can be implemented using own resources of the plant, – Nikolay Agrinsky, the head of engineering and analytical group of Softline company tells. – Recently growth of number of the analytical projects combining in themselves the best world practices in information security field with requirements of the Russian legislation within Federal Law No. 152 is observed. The technique developed by Softline company allows to develop within one project recommendations both about effective management of information security, and about reduction of an information system in compliance with requirements of the law".

"Results of the audit booked at our enterprise will be taken as a basis and broadcast on all child organizations of GAZ Group. Thus, we will provide full protection of a corporate system of security", – Sergey Sitnikov, the director of resource protection of JSC AZ Ural tells.