UTSB implemented EPlat4m Security GRC at the Perm Mashinostroitel plant

2024: Implementation of UDV ePlat4m SGRC system modules

The Center team cyber security CSSB put into operation the Perm plant "Mashinostroitel" system modules. UDV ePlat4m SGRC Thanks to the implementation of specialized SGRC solutions at the enterprise, it was possible to increase the speed and accuracy of processing by data objects. The CUES UTSB announced this on November 1, 2024.

Perm Mashinostroitel plant is part of military-industrial corporation "" and NPO Mechanical Engineering is engaged in the production of aviation equipment, rocket technology space , equipment for, oil industry petrochemistry and other strategically important areas. the country's economy For such an enterprise, processes information security are of great importance, and the presence of a large number of objects () critical information infrastructure CUES also obliges to monitor changes in legislation and comply with the requirements of regulatory authorities.

Categorization of CII objects, updating the threat model and the formation of reporting documentation are regular processes that take a large amount of time for qualified specialists of the enterprise information security service. In order to increase the level of control and control of these processes, increase the speed and reduce labor costs for their implementation, UDV ePlat4m SGRC software was introduced, namely two modules of the system - "OKII Categorization Management" and "Information Security Requirements (Documents) Management." The UTS team conducted a pre-design inspection of the infrastructure for the installation, ON put into operation the modules and developed documentation for the delivered. software

Data on CII objects are fully recorded and processed by the information system. The implementation of SGRC made it possible to significantly speed up the updating and development of organizational and administrative documents. The system corrects the threat model and significantly speeds up the development of new models in the event of an upgrade of the existing infrastructure. The introduction of such tools increases the efficiency of the information security service - now these processes are fully automated and do not depend on the human factor, "said Vadim Pozhgarykh, head of the department for countering foreign technical intelligence and technical protection of information at the Mashinostroitel plant.

The use of information security automation systems saves specialists from time-consuming, but essentially routine tasks, frees up time for solving specific issues and strategic planning. Based on the already implemented SGRC modules, it is possible to develop and improve automation processes, introduce new comprehensive tools to increase the level of cybersecurity of the infrastructure, "added Anastasia Fedorenko, head of the Information Security Automation Department of the UTS.