Customers: TRUST National bank
Contractors: Leta IT-company
Product: Projects of external audit of IT and security (including PCI DSS and SUIB)
Project date: 2012/02
LETA completed a comprehensive project to bring the information security support system (hereafter SOIB) of TRUST bank into compliance with the new requirements of the Bank of Russia standard for information security.
TRUST bank builds its information security policy according to the requirements of the industry standards STO BR IBBS-1.0-2010 and PCI DSS. Together with LETA, the bank started a large-scale project to create an end-to-end system that reduces the risks of direct and consequential financial loss included in the information security threat model.
As part of the project at TRUST, LETA specialists together with bank employees carried out a broad set of work. This included analysis of the bank's infrastructure and of its organizational and administrative documentation on cybersecurity and adjacent areas, as well as a review of the business processes in which payment card data and personal data are processed, with recommendations for correcting them.
"Today, insider threats and threats connected with fraud in remote banking (RB) systems are relevant for Russian banks," says Said Al-Ulyafi, Chief Information Security Officer of TRUST bank. "With the entry into force of Federal Law No. 152 and the modified Bank of Russia standard on information security, regulators' requirements for security in personal data processing have risen. To implement them, we selected LETA through a tender. A feature of the project was the large volume of audit and analytical work carried out by bank employees together with LETA experts. The necessary methodological base for a cybersecurity management system meeting the requirements of the new Bank of Russia standard was prepared. The bank's information security support system and the activity of the business divisions involved in the information security process have been systematized and put in order. The comprehensive solution to data protection tasks, including personal data, under the different confidentiality regimes (bank and commercial secrets) allowed the bank to optimize the cost of high-quality compliance with regulators' cybersecurity requirements."
"Regardless of the stage of development a company's information system is at, it must meet a certain set of information security requirements. There are regulators' requirements that do not depend on the industry, and there are requirements specific to a particular sector of the economy," says Andrey Konusov, CEO of LETA. "In addition to mandatory regulatory requirements, there are so-called best practices in the field of cybersecurity. In the credit and financial sector, that is the Bank of Russia standard. It is worth emphasizing that full implementation of this standard's requirements is a difficult, complex task. The effective joint work of TRUST bank specialists and our company's experts made it possible to solve this problem successfully."