A crash course in Compliance: understanding the regulators' information security requirements

Hello, Habr!

Quarantine has its advantages: we have found time to prepare a few more training webinars on information security (see the information security webinars here). Hackers and network attacks are, of course, exciting, but almost every security specialist also runs into the other side of information security, namely the requirements of regulators. That is why we have put together this series of webinars on IS Compliance. It will be useful both to the beginner and to the experienced security specialist who wants to refresh their memory and learn about the latest changes in the regulations.

We have already held two of these crash-course webinars and are planning at least two more online events. Under the cut: details of the upcoming online meetings and recordings of the past webinars.


What will it be about?

Practical tips for categorizing KII objects

Since Federal Law 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation" came out in July 2017, its by-laws have been updated regularly, and tougher penalties for failing to meet the KII security requirements have recently been under discussion. Everything suggests that you need to keep your finger on the pulse in order to implement the regulators' requirements correctly and on time.

In the first part of the webinar, we will help you make sense of the structure of the regulatory documents on KII and share practical experience in categorizing objects and filling out the forms under Order No. 236 of the FSTEC of Russia. In the second part we will talk about the next step after categorization: building the security system. The online event will be of interest to those who are only planning to start categorizing KII objects, as well as to those who are already dealing with this task and have run into difficulties. So, what we will discuss:

  • KII security requirements: whom they apply to and which regulatory documents govern them
  • How to identify KII objects: what significant and insignificant KII objects (OKII) are
  • How to categorize KII objects: key features and the main categorization indicators
  • How to fill out the forms under Order No. 236 of the FSTEC of Russia, and how to avoid mistakes when submitting them to the regulator
  • Building the security system: components, distribution of roles, organizational and administrative documents (ORD), protection tools

Participate >>

How to take into account all the requirements of the Central Bank of the Russian Federation and pass an audit

Recently, the Bank of Russia has issued a large number of regulatory requirements in the field of information security (672-P, 683-P and others), the "core" of which is the GOST R 57580 standard. In addition, the regulator is now planning a number of amendments to Regulation 382-P, which will also refer to this GOST standard. The webinar will be devoted to all the information security changes associated with these requirements. We will also explain which information systems the regulator's provisions apply to.

We will analyze the typical violations identified during audits and show you how to avoid them. The structure of the meeting will be roughly as follows:

  • 382-P, GOST R 57580.1-2017, GOST R 57580.2-2018, 672-P, 683-P/684
  • 382-P and GOST R 57580
UPD: >>

OUD 4

Recently, we held a webinar in which we discussed the Bank of Russia's new requirements for checking software for vulnerabilities at evaluation assurance level 4 (OUD 4) within the framework of GOST R ISO/IEC 15408-3-2013. Recording of the webinar >>


We also covered practical recommendations on how best to approach a software vulnerability analysis project, namely:

  • In which cases an organization needs to conduct an assessment of compliance with the OUD 4 requirements
  • What a typical software vulnerability analysis project looks like under the requirements of GOST R ISO/IEC 15408-3-2013
  • How to approach the project when the necessary initial data is missing
  • How a financial institution can optimize the cost of reaching the required assessment level


Getting ready for a Roskomnadzor inspection

Another webinar covered the current regulatory and legal acts on information security and personal data protection, and all the stages of preparing for a Roskomnadzor inspection:

  • General regulatory requirements in the field of information security
  • Key requirements of Federal Law 152-FZ "On Personal Data"
  • Preparation before the regulator arrives
  • Preparation for the document review (which documents are needed, in what form they must be provided, and how)
  • Which departments will be involved in the inspection
  • How the on-site inspection is carried out
  • What happens when the inspection is complete

You can listen to the webinar in full here >>

If you are interested in other Compliance topics, write about them in the comments. If there is enough interest, we will make it happen!