Customers: SIAB (St. Petersburg Industrial Joint-stock Bank)
Contractors: Digital Security (Digital Security guard)
Product: External IT and security audit projects (including PCI DSS and SUIB)
Project date: 2011/12
Preparation for certification was carried out by the Bank's specialists together with consultants and auditors from Digital Security. The PCI DSS standard was developed by the international payment systems Visa Int., MasterCard, American Express, Discover and JCB to raise the security of card data that is processed, transmitted and stored in the information systems of banks and processing centers.
"This project is especially indicative in that, in the course of achieving PCI DSS compliance, the Bank's infrastructure was not only partially changed for more optimal protection but also considerably expanded, and the new elements were added already taking information security requirements into account. It shows how important protecting client data is for the bank, and also how much more convenient and more profitable it is to think about security from the very beginning, at the solution implementation stage, rather than when protection becomes a necessity," noted Pavel Fedorov, head of the department for auditing banks and payment systems at Digital Security.
Over the whole period (the Bank's path to certification took more than a year), close cooperation between SIAB Bank and Digital Security produced solutions that achieved compliance with the standard while preserving the efficiency of business processes.
"Although the project to achieve PCI DSS compliance demanded from us a significant review of infrastructure and additional costs, we always understood how important it is to provide a high level of protection for client data. Customer confidence is a heavy responsibility, and our duty is to protect their data. The experience of implementing the procedures necessary for PCI DSS compliance showed how it is possible to significantly increase the security of banking systems; the experience gained allows us to maintain the security of the banking system at the existing level and to increase this level further," commented Sergey Glukhov, vice chairman of the board of SIAB Bank.
The joint project includes annual security audits of the RBS (remote banking) and ABS (automated banking system) systems, a security audit of the mobile banking applications, certification of compliance with the PCI DSS standard, an audit of compliance with the requirements of Central Bank of the Russian Federation Regulation No. 382-P, etc.
The contract provides for Digital Security specialists to perform a set of works for SIAB each year, namely:
- an external penetration test, which checks the bank-client functionality both as an anonymous user and as a user of the system, and reveals software vulnerabilities at the client and server level;
- an internal security analysis, which makes it possible to estimate the potential level of possible fraud in the bank and to correct the ABS settings in order to avoid incidents