Information security in banks

From January 1, 2021, Kazakhstan banks and othe.organizations that perform certain types of banking operations will start working on special methodology for assessing information security risks. Such requirements are set by the Agency of the Republic of Kazakhstan for Regulation and Development of Financial Market.

"Methodology is intended to become the basis for financia.organizations where information security risk assessment has been carried out randomly, as well as to help all financia.organizations make this process more transparent and structured. In the future, we plan to expand the requirements for assessing information security risks to other types of financia.organizations: insuranc.organizations, securities market", the press service of security regulator reports the words of the Head of Cybersecurity Division Roman Perminov.

The entire process is divided into two main stages: identification of critical information assets and assessment of information security risks for these assets.

Information assets are information and information systems that a.organization uses in its work, such as client data storage servers, etc.

"Security regulator will monitor the implementation of this methodology b.organizations. The information security risk assessment process will also be reviewed as part of ongoing periodic audits of financial institutions. Agency has the right to request documentary evidence of all stages of risk assessment. It should be said that immediate effect should not be expected, since the risk assessment itself is a rather time-consuming and lengthy process for larg.organizations. Using this method will require the involvement of not only information security and risk specialists, but also key business areas o.organization, including management", Roman Perminov said.

Reference: Tasks of the Cybersecurity Division, Agency of the Republic of Kazakhstan for Regulation and Development of Financial Market.

• Ensuring the functioning and development of information security management system in the Agency in order to protect confidential information and other information assets of the Agency that are not classified as state secrets.
• Formation of the Agency legal and methodological framework in the field of cybersecurity, including for training specialists in the field of information and cybersecurity.
• Organization of activities of the sectoral centre for information security.
• Minimizing the consequences of cyber incidents and developing recommendations for their prevention in financial market of the Republic of Kazakhstan.
• Conducting inspections of financial market entities for compliance with established requirements of the legislation and regulatory legal acts of the Republic of Kazakhstan in the field of information security.