Customers: West Siberian Commercial Bank (Zapsibkombank)
Contractors: DialogNauka
Product: External audit projects for IT and security (including PCI DSS and ISMS)
Project date: 2016/01 - 2016/03
At the beginning of 2016, DialogNauka carried out penetration testing for PJSC Zapsibkombank [1] to determine how well the bank's automated system is protected against external and internal attacks by potential attackers. DialogNauka was selected as the contractor after PJSC Zapsibkombank specialists assessed proposals from several Russian information security service providers. As a result of the work, the customer's specialists obtained objective information about the state of protection of the bank's information system and possible steps for its further improvement and development.
PJSC West Siberian Commercial Bank (Zapsibkombank) is the first regional bank by size of assets and holds a leading position among banks of the Tyumen region. Its main activities are retail business, lending to enterprises and individuals, attracting funds into deposits, and settlement and cash services. The bank provides its clients with a broad range of high-tech banking services and treats a high level of information security for its automated banking system as one of its main objectives.
Meeting this objective requires, in particular, an independent and objective assessment of the current state of protection against external and internal threats from potential attackers. For this reason, the management of PJSC Zapsibkombank decided to carry out a penetration test, which, after an analysis of offers from possible service providers, was entrusted to consultants from DialogNauka.
The penetration test modeled attacks by potential attackers on the information assets of PJSC Zapsibkombank. The simulated attacks were aimed at detecting organizational, operational and technological vulnerabilities in the bank's infrastructure. In addition, a basic assessment of the existing information security processes was carried out, and a list of measures for raising the cybersecurity level of PJSC Zapsibkombank was developed.
Based on the penetration test results, DialogNauka consultants prepared a report that included a description of the audit scope, the methods and tools used, and a list of the vulnerabilities and shortcomings found, ranked by the risk level of their use by potential attackers. The report described the penetration scenarios that were carried out and the results achieved, and assessed the bank's cybersecurity risks and information security processes. It concluded with recommendations for eliminating the vulnerabilities found and improving the information security processes of PJSC Zapsibkombank, together with a work plan for improving those processes.
"The IT infrastructure of a financial institution plays the main role in ensuring the continuity of the bank's processes and of services for clients. A penetration test makes it possible to estimate how effective the protection of this infrastructure against attacks by real hackers is in practice. Therefore we consider this project important," commented Chesnov Victor Aleksandrovich, vice president of PJSC Zapsibkombank. "Based on the penetration test results, we obtained comprehensive information about the current state of the protection perimeter of the corporate system and about possible steps for its improvement. I am sure that this will help raise the bank's level of information security in the future."