Axenix: Service for localization of information security infrastructure

2023: Service presentation for information security infrastructure localization

Axenix on June 20, 2023 presented a service for localizing information security infrastructure in accordance with special information security requirements for CII subjects, system-forming and systemically important enterprises.

The service includes a set of measures to organize and transform the information security landscape of companies and organizations that are subjects of CII, system-forming or systemically significant (in accordance with Presidential Decree No. 250 "On Additional Measures to Ensure Information Security of the Russian Federation" of 01.05.2022).

The service includes risk assessment and development/updating of information security and IT strategies, including analysis of the current state, development of the target state, gap analysis, formation of roadmaps, list of initiatives, assessment of timing, cost, economic effect and other aspects of information security landscape re-assembly.

In addition, Axenix specialists will accompany customers in the implementation of strategies, assess risks and their impact on the business, develop and implement the operational model, processes and the information security function sourcing model.

Also, consultants will develop a targeted IT and information security architecture, select solution manufacturers/providers, implement and integrate legal-compliant information protection tools and infrastructure components into the customer landscape. At the final stage, experts will analyze the security, search for vulnerabilities and Red Team testing (imitation of an external cyber attack) of the updated landscape.

Decree of the President of the Russian Federation of 01.05.2022 No. 250 assumes that from January 2025 the Russian , companies are obliged to stop using any information security tools and resources from the current version of the official list of unfriendly foreign ones states (49, countries including USA Great Britain members). EU

The decree covers state organizations and authorities, strategic enterprises and state corporations related to critical information infrastructure (CII), system-forming and systemically important enterprises.

Those companies covered by Decree No. 250 are obliged to take a number of measures: appoint a deputy director for information security with a specialized education and create a separate information security unit. To protect data, such organizations should only involve those contractors who have an FSTEC license to carry out technical activities to protect confidential information, work with State system of detection, prevention and elimination of consequences of computer attacks (state system centers for detecting, preventing and eliminating the consequences of cyber attacks), as well as provide the FSB with unlimited access to IT infrastructure on request for security monitoring.

Based on our practice and market observations, the best choice is to prepare for digital independence, not a sharp transition to reality. In such a scenario, the foundations are laid for further development according to the carve out scenarios or the replacement of products from unfriendly countries. At the same time, all risks, costs for software, equipment and work, including the implementation of solutions and their subsequent support, are assessed. The selection of suitable vendors is carried out, the economic effectiveness of the upcoming steps is calculated, - said Nikolai Ulrich, director of infrastructure consulting practice and information security Axenix.

The Axenix solution is designed to select the optimal scenarios for switching to products and solutions for the requests of a particular organization, risk assessment and selection of the optimal software and hardware components for the new information security infrastructure.

This balanced approach allows you to choose really high-quality and reliable solutions, weigh the pros and cons of different products, optimize the budget and make the transition to a new landscape smooth and gradual. At the same time, there is not much time left for the implementation of the requirements of the decree, - said Nikolai Ulrich.