Project

Informzashita assessed the level of compliance of the "Infinitum" cybersecurity system with the requirements of the GOST standard for data protection

Customers: Informzashita

Product: External IT and security audit projects (including PCI DSS and SUIB)

Project date: 2019/04 - 2019/06

2019: Assessment of SOIB conformity with GOST requirements

On July 25, 2019, Informzashita announced the completion of a project to assess the conformity of the information security provision and management system (SOIB) of JSC Specialized Depositary INFINITUM with the requirements of GOST P 57580.1-2017.

GOST P 57580.1-2017 "Data protection of financial institutions. The basic structure of organizational and technical measures" defines data protection levels and, for each level, the requirements for the basic set of protective measures that financial institutions apply to implement the requirements set by Bank of Russia regulations. The standard will later become mandatory for non-credit financial institutions, so it was important for "INFINITUM" to receive professional recommendations on improving its SOIB in advance.

The project took three months and was carried out in two stages. The first stage consisted of three steps: a preliminary compliance assessment with approval of the intermediate results; the conformity assessment itself and the development of final documents based on its results; and the preparation of recommendations for improving the SOIB of "INFINITUM". During the second stage, the regulatory documentation on ensuring data protection under GOST P 57580.1-2017 was developed.

An important element of the project was an analysis of the company's infrastructure with regard to the software assets in use, following the Microsoft Software Asset Management (SAM) methodology, of which the SAM Cybersecurity Assessment is an integral part. This will make it possible not only to raise the overall level of cybersecurity but also to optimize the use of software in the company.

The project deliverables were reports describing the current level of compliance of the SOIB of "INFINITUM" with the GOST standard, together with recommendations for improving these indicators. The recommendations included proposals for changes to the technical and organizational components of the information security provision and management system, on the basis of which "INFINITUM" prepared a SOIB improvement plan.

"The project involved collecting and analyzing in various ways information about the company's network infrastructure and systems, as well as the technologies involved and the information, hardware and software resources used to run business processes. The resulting assessment of the information security provision and management system reflects the completeness of the selected protective measures and the quality of process implementation at "INFINITUM","

noted Maxim Kazatsky, senior auditor in the banking systems security department at Informzashita.

During the project, the employees responsible for organizing and securing the operation of the "INFINITUM" corporate network were interviewed, the information gathered was analyzed, and corresponding recommendations were developed. Informzashita specialists made active use of the company's own tool for automating the calculation of the conformity assessment.

"The project got under way before the Bank of Russia issued Provision No. 684-P, which requires compliance with the requirements for ensuring the standard level of data protection from January 1, 2021. Thus, "INFINITUM" is taking specific actions to meet all of the regulator's requirements. Based on the assessment carried out by Informzashita, we are considering the need for a number of additional technical and organizational measures in line with the recommendations received,"

noted Alexander Bragin, head of security at JSC Specialized Depositary INFINITUM.