Aeroflot will learn to manage risks in the field of cybersecurity

In 2014 Aeroflot expects to implement technology of management and risks assessment of the information security (IS) in IT systems of the company, follows from the project documentation published at the end of March. Using this technology Aeroflot expects to reduce the risks connected with possible damage to company assets from implementation of cybersecurity threats, to estimate the actual level of security of IT systems from relevant threats and vulnerabilities and also to plan and prove costs for means of ensuring of cybersecurity.

Project works are going to be carried out in four steps. On the first of them in Aeroflot examination of a current status of management and risks assessment of cybersecurity in IT systems, the analysis of business processes of the company and processes of providing Information Security will be conducted. The second stage assumes development of technology of risk management of cybersecurity in IT systems.

The third stage includes setup of the sensor of vulnerabilities and the automation equipment of risk management process of cybersecurity and also their integration with services of the IT block, and the fourth - test operation of technology of management and risks assessment of cybersecurity and development of recommendations about its implementation in the companies.

Aeroflot expects to complete development and testing of technology of management and risks assessment of cybersecurity in February, 2015

On the basis of the conducted examination and the subsequent choice of a control technique by risks of cybersecurity the pilot zone should be selected from one of DPCs of Aeroflot on which the possibility of use of the automation equipment of this process will be estimated.

In requirements to a pilot zone it is specified that in it in virtual environment the automation equipment of risk management process of cybersecurity and the sensor of vulnerabilities should be installed.

At the same time should act as the sensor of vulnerabilities of data as software MaxPatrol of the company Positive Technologies to which servers and workstations running OS Windows and Linux, Oracle DBMS and MS SQL, network equipment Cisco and also business applications will be connected SAP.

Aeroflot does not specify preferences on products of specific vendors during creation of the automation equipment of risk management process of cybersecurity. In requirements to it it is spoken that it should be flexible and scalable, have modular architecture and allow to increase the functionality based on a single technology and architectural platform, to support work on mobile devices running different OS, etc.