Customers: BM-Bank, Russia, Moscow; Financial services, investments and auditing
Contractors: Informzashita
Product: Projects of external audit of IT and security (including PCI DSS and SUIB)
Project date: 2013/08 - 2014/02
On February 17, 2014, the Informzashita company announced the completion of a project to create an information security risk management system (SURIB) for Bank of Moscow.
Project Tasks
In developing SURIB, the contractor took the Bank of Russia security standard STO BR IBBS as a basis and adapted the procedures and risk assessment techniques defined by the regulator to the relevant requirements of Bank of Moscow, complementing them with practices from ISO and ISACA.
Project Progress
Informzashita specialists collected all the necessary information on the bank's information infrastructure and on the cybersecurity incidents recorded over the last five years. All key infrastructure components were checked with vulnerability scanning. More than 100 bank divisions, 50 information systems and 1000 types of business-critical file resources and paper media were inspected.
Processing this volume of data manually would take more than one and a half years. Informzashita specialists developed a prototype of an automated solution with which the data were analyzed and structured in a short time frame. The prototype's source code was handed over to the bank for further development on a systematic basis.
Project Results
"As a result of the work carried out, seven information systems with the highest risk value were identified," noted Lev Fisenko, director of the department for work with financial institutions at Informzashita. "Some risks were given a cost assessment. The bank received data on the dependence of divisions on information resources, the criticality of systems and the protection measures used. The implemented cybersecurity risk management system has increased the level of security of the bank's data assets and will now make it possible to optimize expenditure on the development of the entire cybersecurity system."
"Bank of Moscow received notable results that allow it to implement a risk-oriented approach to data protection in practice," said Vasily Okulessky, head of the information security department of Bank of Moscow. "One of the key figures of merit of the work performed is that Bank of Moscow at the moment completely fulfills all requirements of the Bank of Russia industry standard for providing information security (regarding cybersecurity risk management); the maximum 5th level of compliance for group indicators M12, M13 and M14 has been assigned to the bank."