The Ministry of Finance of the Russian Federation improved an information security system

On February 11, 2015 the IBS company announced project completion of upgrade of an information security system in information systems of the Ministry of Finance of the Russian Federation.

Project Tasks

Main objective of the project - ensuring the data protection processed in information systems of the Ministry of Finance of the Russian Federation according to requirements of FSTEC of Russia and FSB of Russia, model of threats, the Concept of security of information in information systems of the Ministry of Finance of the Russian Federation.

Ministry of Finance of the Russian Federation, 2013

Information systems of the Ministry of Finance of the Russian Federation provide themselves a set of information services for the state, municipal and private organizations, citizens of the Russian Federation. They are unrolled in the virtualized infrastructure of computing "cloud" of the Ministry of Finance of the Russian Federation in which both open information, and data of limited access, including personal data is processed.

Smooth functioning of information systems of the Ministry of Finance of the Russian Federation is critical for successful functioning of a system of public finances of the Russian Federation.

Project Progress

During the course of performance the project prototyping of a system of security of information is carried out, the correctness of creation of its architecture provided in the approved Concept of security of information in information systems of the Ministry of Finance of the Russian Federation is confirmed. Specialists of IBS company executed techno design engineering of an information security system, delivered and mounted components, carried out commissioning, carried out certification of mechanisms of data protection in the application software of key information systems and certification of information systems on compliance to security requirements of use of information.

As a part of infrastructure of an information security system:

• means of protecting from unauthorized access to information for Windows and Linux systems;

• virtualization environment means of protecting;

• means of cryptographic information protection by transfer through open channels (gateways of access to information resources);

• means of firewalling;

• sensors and counteractions to invasions at the different levels;

• means of protecting from DDoS attacks, attacks on web applications and databases;

• control facilities of security and detection of vulnerabilities of IT infrastructure and application software;

• monitors of events and identification of incidents of information security.

Works are performed in 4 months.

Project Results

Dmitry Romanchenko, the director of department of information security of IBS, told: "The system of protection was constructed in full accordance with the operating regulatory legal acts, in particular, requirements of Orders 17 and 21 of FSTEC are implemented, the software certified as appropriate and the equipment was delivered, certification of a system is carried out. As a result the Ministry of Finance of the Russian Federation received instruments of control and the analysis of vulnerabilities of IT infrastructure and the applied systems and also a modern echelon monitoring system and counteractions to the attacks on IT infrastructure and application services. In our opinion, this project can be recommended as reference on smooth transition to the protected departmental computing cloud in which the necessary security level of information according to requirements of FSTEC of Russia and FSB of Russia for the state information systems is provided".

Sergey Mironov, the associate director of department of information technologies in the field of management of the public and municipal finances and information support of budget process of the Ministry of Finance of the Russian Federation, noted: "In the current situation which is characterized by the high level of various threats, the problem of security of information for state bodies has the highest priority. The project implemented in the Ministry of Finance of the Russian Federation allowed to increase significantly in the shortest possible time the level of security of information resources, having provided adequate protection against modern threats in full accordance with requirements of FSTEC of Russia and FSB of Russia. Need of accomplishment of all works on productive infrastructure without visible stops of the provided services with which we together with IBS company perfectly coped was one of essential difficulties of the project: breaks in work of services were minimum and imperceptible for employees of the Ministry of Finance of the Russian Federation and external users. The second important project deliverable was that implementation of means of protecting had no significant effect on high-speed performance of services".