Customers: Rusagro
Contractors: Jet Infosystems Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)Second product: Projects of IT outsourcing Project date: 2019/01 - 2019/06
|
On July 24, 2019 the Jet Infosystems company reported that the Rusagro group implements the five-year plan for transformation of the information security. The concept was developed jointly with specialists Jet Infosystems which also take part in its embodiment.
The project is dictated by the large-scale IT strategy of agroholding on business digitalization which implementation requires special attention to information security support. For receiving a complete picture of the current level of security of the enterprise specialists Jet Infosystems booked the complex audit of cybersecurity which covered the central offices and production sites at once of 4 business directions of Rusagro: meat, oil and fat, sugar and agricultural.
Developing high technology production, it is important to us to observe balance between innovations and security. Digitalization not only creates a backlog for business growth, but also puts calls in terms of its security. Therefore when implementing the strategy of development for the IT block we pay close attention to questions of cyber security what we are successfully helped by experts Jet Infosystems with, notes Pavel Dreyger, the chief of the department on information technologies of Rusagro Group
|
During audit specialists totally inspected 16 information systems and 4 industrial control systems (APCS) in all key locations of Rusagro across all Russia. The project team estimated the level of security of IT infrastructure, analyzed processes of cybersecurity and inspected corporate network storages regarding violations of requirements to storage of confidential information. Testing for penetration became one of stages of audit: imitating real cyber attacks, specialists looked for "narrow" places in security of external and internal perimeters, wireless networks and web resources of agroholding. Besides, "white" hackers checked resistance of staff of the enterprise to manipulations of malefactors, using methods of social engineering.
Based on initial audit specialists of integrator together with experts of agroholding developed the development strategy cybersecurity of Rusagro Group with perspective for 5 years. As a process framework selected the international standard on information security of ISO 27001:2013, and for more detailed study of architectural changes considered including the concept of Kill Chain describing the universal scenario of actions of the malefactor. In addition, in the plan mechanisms of control of its implementation — the annual GAP analysis of level variations of a maturity of processes of providing Information Security of the enterprise are put. The first such analysis took place at the end of 2018: it experts of Information Security Center also carried out Jet Infosystems. Based on this stage specialists held a one-day seminar for heads IT and Information security departments of each business direction of Rusagro on which they jointly defined key points of further growth of level of a maturity of processes of information security of group.
The uniqueness of the project is that it covered, in fact, four different businesses, at each of which the infrastructure and a command. It set absolutely uncommon task for us: create the harmonized strategy complete for all agroholding and at the same time considering features of each business direction, says Pavel Volchkov, the head of department of consulting of Information Security Center Jet Infosystems
|