The Sovetsky bank implements new ISPDN and the solution of control of defense of perimeter of CIS

Microtest completed the project of external audit of security ISPDN of Bank Sovetsky Ltd and implementing solution of information system protection.

Background

Following requirements of the Federal law of 7/27/2006 No. 152-FZ "About personal data", top management of bank initiated the complex project on personal data protection of clients.

For implementation of the complex project the Sovetsky bank selected the St. Petersburg office of Microtest system integrator from quality of the contractor.

Solution

The project includes 5 key stages:

• audit of personal data information systems (ISPDN);
• development of organizational and administrative documents;
• creation ISPDN;
• organization of work of a personal data operator;
• certification ISPDN.

Specialists Microtest booked audit ISPDN, executed classification of personal data, developed model of threats and prepared a set of organizational and administrative documents. Then, according to the project plan, at a stage of creation ISPDN two new solutions were implemented:

• information security monitoring system;
• system of protection of corporate network.

Result

The security control system created based on Maxpatrol software is intended for the centralized assessment of security of information resources of bank. Using a system control of compliance to the IB corporate standards, including regarding requirements 152-FZ is provided, inventory and change control in IT infrastructure, detection of vulnerabilities, security assessment on the set indicators is carried out.

The implemented system of protection of corporate network is provided with additional opportunities for prevention of the attacks, filtering of web traffic, defense of perimeter ISPDN.

Based on three stages of the large-scale project the bank fulfilled the requirements of regulators, having excluded for itself risk of sanctions for violations in personal data processing. New ISPDN are integrated into IT infrastructure of bank and reduce risks of leaks of other confidential information processed in bank.