Customers: Cool CB Financial services, investments and audit Contractors: DataSecurity Technologies Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)Project date: 2011/07
The DataSecurity Technologies company announced project completion on implementation of requirements of documents of the BR IBBS complex and the law on personal data No. 152-FZ in banks of Kabardino-Balkar Republic.
The sales activity of statutory requirements in banks of Kabardino-Balkaria was planned in advance, and as uniform approach to information security support including personal data protection, standards of Bank of Russia were selected. Discussions of approaches and difficulties of implementation of requirements of the law and standards Banking association and insurers of Kabardino-Balkar Republic became the platform for interaction of specialists of banks.
According to DataSecurity Technologies, it is possible to speak about end of the whole series of complex projects on implementation of requirements of service station of BR IBBS and 152-FZ, further maintenance and improvement of a system of information security support in bank "Nalchik", "Bum-Banke", Prokhladny bank, CB Evrostandart today. Similar work in other banks of Kabardino-Balkar Republic is continued.
The sequence of the works in these projects performed by DataSecurity Technologies company can be presented in the form of the next main stages. At the first stage inventory of all data assets of bank which are subject to protection including information systems and processing of personal data is carried out; conformity assessment to requirements of service station of BR IBBS and also preparation of recommendations about elimination of the revealed discrepancies and the detected vulnerabilities is performed.
At the second stage cybersecurity risks assessment is carried out, the choice of necessary protective measures is performed, requirements for protection form and the packet of the internal documentation regulating activities of bank for information security according to documents of the BR IBBS complex is developed.
At the third stage works on design of a technical system of protection and to implementation of information security tools are performed afterwards. Also at this stage scanning of internal and external resources of IT infrastructure of bank with the subsequent elimination of the revealed vulnerabilities is carried out.
Important stage of works also is implementation of processes of providing Information Security which results it is possible to put down to credit to employees of the bank as requires their considerable participation. This activity does not stop upon completion of the project, and is a part of process of further maintenance and improvement of a system of information security support of bank, explained in DataSecurity Technologies.
As the main results of the executed projects in DataSecurity Technologies select not only ensuring compliance of the cybersecurity systems of banks to standards of Bank of Russia and to requirements of the legislation on personal data, but also increase in level of understanding and transparency of processes of information security support, clear split of powers and responsibility for this area. According to DataSecurity Technologies, further it will positively affect security of data assets of banks.
"For us work in Kabardino-Balkaria became important activity of the company on bank security — Oleg Gubka, the chief executive of DataSecurity Technologies company told. — The aiming of bank employees at result and the interbank interaction organized based on regional association undoubtedly, to the best distinguishes banks of Kabardino-Balkar Republic. Such approach to the solution of assigned tasks allowed to execute effectively at once several parallel projects".
"The applicability in bank of project deliverables in many respects depends on the interoperability layer with the contractor — Vyacheslav Shavayev, the vice chairman of the board of CB Evrostandart considers. — Close cooperation with a project team of DataSecurity Technologies during and after project finish helped to resolve quickly arising issues on implementation of processes of information security support. Of course, ahead still rather internal work on increase in level of compliance to standards, but the main thing that the correct understanding and a necessary basis for further improvement of a system of information security support of bank is created".
"Creation of a system of information security support according to requirements of service station of BR IBBS became a new task for our bank. But thanks to DataSecurity Technologies company we rather quickly got into this gear, understanding its relevance and importance — Olga Chereshkova, the chairman of the board of Prokhladny bank said. — In this question the active public position also is important. Employees of the bank constantly participate in profile conferences and seminars of both regional, and federal level, are trained in the leading training centers on information security. It allows us to share the opinion with regulating authorities and to exchange experience with colleagues from other banks".
"Despite importance and need of information security for bank, it is always additional load of its business — Boris Endreev, the chairman of the board of Nalchik bank, the president of Banking association and insurers of Kabardino-Balkar Republic, the member of council of ARB emphasized. — Therefore it is very important to adapt requirements of standards and laws not only for the bank industry, but also for specifics of specific bank taking into account scales of its business, first of all, trying to obtain system effectiveness of protection against real threats. Certainly, such work should be carried out by joint forces of qualified specialists of the contractor and employees of the bank, as was made within the project with DataSecurity Technologies".