Atomredmetzoloto completes its cybersecurity management system project according to the international standard ISO
Customers: ARMZ (Atomredmetzoloto)
Contractors: Leta IT-company
Product: Projects of external audit of IT and security (including PCI DSS and ISMS)
Project date: 2012/05 - 2012/11
The LETA company is completing the first comprehensive project in Russia's nuclear sector to create an information security management system (ISMS) according to the requirements and recommendations of the international standard ISO/IEC 27001:2005 (ISO 27001), the company's press service reported on November 27, 2012. The customer is the uranium holding ARMZ (JSC Atomredmetzoloto), the mining division of ROSATOM State Corporation.
Background
"Developing and deploying an ISMS according to ISO 27001 is an important element of implementing ARMZ's information security strategy: developing and improving IT outside the context of a modern comprehensive approach to security carries significant risks," noted Yury Tokmachev, deputy CEO and security director of JSC Atomredmetzoloto. "This is especially relevant for nuclear sector enterprises, which have strategic importance for Russia. The project is being carried out within ROSATOM State Corporation's concept of IT and cybersecurity transformation."
"The contractor had to create an end-to-end information security system according to the stated requirements, which included the ability to integrate into the existing information environment without significant changes and the use of equipment similar to what already operates at ARMZ. When choosing the contractor, the cost of the proposed solution and the readiness of our specialists to support it were taken into account," said Sergey Ovchinnikov, the project manager from JSC Atomredmetzoloto.
Processes
All work on implementing ARMZ's information security management system was divided into 5 main stages. In the first, LETA experts conducted a comprehensive cybersecurity audit, including the search for and analysis of existing vulnerabilities in the company's information systems and in the organization of information security support, as well as an analysis of compliance with the requirements of ISO 27001.
The second stage covered a detailed cybersecurity risk assessment, including an inventory of the existing data assets, an assessment of their criticality to the organization, identification of the existing cybersecurity threats, and determination of the probability of their realization for the corresponding data assets. A methodology for evaluating cybersecurity risks was also developed.
At the third stage, LETA experts designed the ISMS processes, assigned the roles and duties of the Holding's staff within the designed ISMS, prepared the accompanying regulatory and technical documentation, and developed and adapted mechanisms for implementing the ISMS requirements in the actual system of JSC Atomredmetzoloto.
The fourth stage is devoted to developing a training system for the Holding's staff.
At the final stage, LETA experts advised on and supported the implementation of the ISMS at JSC Atomredmetzoloto.
"The high level of modern means of illegally obtaining information and the value of data for companies and their clients make the protection of data assets extremely important," said Alexander Belkin, the commercial director of LETA. "The advantages for an organization that has a cybersecurity management system certified for compliance with the requirements of the international standard ISO/IEC 27001:2005 are very considerable and include such aspects as the elimination of unacceptable risks connected with the operation of IT systems, optimization of information security costs through more effective use of the available means, and an increase in the sensibleness and controllability of information security processes."
"The information security management system consolidates all the technical and organizational measures applied at the enterprise into a single managed complex that is adequate to real threats and allows the goals of information security to be achieved at the level of the whole enterprise. In particular, it makes it possible to define precisely how cybersecurity processes and subsystems are interconnected, who is responsible for them, what financial and labor resources are necessary for their effective functioning, and so on," says Alexander Malyavkin, the CEO of LETA. "Our company has long carried out large projects to develop cybersecurity management systems in Russia and the CIS countries. The project at JSC Atomredmetzoloto became one of the largest of the last few years. The management of JSC Atomredmetzoloto set us a difficult task: in a rather short time we needed to build the ISMS of the largest enterprise in Russia's nuclear sector."
