"Ural Bank for Reconstruction and Development" transferred to outsourcing of control procedure over compliance to requirements of cybersecurity

On June 26, 2014 the Jet Infosystems company announced acceptance of group of tasks of ensuring compliance of the systems of Ural Bank for Reconstruction and Development to requirements of the PCI DSS standard in the outsourcing mode and also identification and processing of incidents of cybersecurity.

Project Tasks

"The next recertification on compliance to requirements of the PCI DSS standard showed that the IC list, entering a certification zone, drama grew, and automation of process of identification and processing of incidents is relevant more than ever earlier, – the head of department of security of information systems of Ural Bank for Reconstruction and Development Alexander Paderin comments. – However creation of own SOC is integrated to the considerable capital investments, search and a set of the highly skilled personnel capable to provide high-quality and round-the-clock monitoring of incidents. According to the results of assessment of such costs we came to a conclusion that the most optimal variant for improvement of the existing incident management process is the outsourcing model of cooperation".

The Jet Infosystems company which started own commercial SOC (JSOC) in 2013 became the partner in the project. Its architecture and processes are built taking into account the best world practices of cybersecurity and conform to requirements of the standards PCI DSS, ISO/IEC 27001, service station of BR IBBS.

Project Progress

Experts of Jet Infosystems company together with cybersecurity specialists of the customer executed profiling of infrastructure of bank (having selected in it the zones entrusted, not entrusted of the increased criticality, etc.) and activities of users in them. Also necessary scenarios on collecting of incidents were optimized and the corresponding security policies are configured.

Project Results

To commercial center of monitoring and response to incidents (Jet Security Operation Center, JSOC) connects all information systems of bank entering cathe of action of the PCI DSS standard.

"Time of our reaction to an incident and basic diagnostics (with issue of the conclusion about the reasons, a source and the recommended counteraction measures) for incidents of high criticality is not exceeded by 30 minutes. It allows to counteract effectively arising incidents in a short time. At the same time fruitful interaction of our command and specialists of bank allowed to undergo as fast as possible process of profiling of activities and adaptation of incidents and to pass to active monitoring of incidents. From the moment of start of the project before complete connection of sources and detection of the first incident passed no more than a month", – Vladimir Dryukov, the head of outsourcing of cybersecurity of Information Security Center of Jet Infosystems company told.

Experts of Jet Infosystems company carry out monthly stress tests of a monitoring system and response to cybersecurity incidents during which incidents are purposefully generated and work of the first line of employees [Jet Security Operation Center|JSOC]], rules of correlation and a system in general is estimated.