Information security in banks
08.12.2020
From January 1, 2021, Kazakhstan banks and othe.organizations that perform certain types of banking operations will start working on special methodology for assessing information security risks. Such requirements are set by the Agency of the Republic of Kazakhstan for Regulation and Development of Financial Market.
"Methodology is intended to become the basis for financia.organizations where information security risk assessment has been carried out randomly, as well as to help all financia.organizations make this process more transparent and structured. In the future, we plan to expand the requirements for assessing information security risks to other types of financia.organizations: insuranc.organizations, securities market", the press service of security regulator reports the words of the Head of Cybersecurity Division Roman Perminov. The entire process is divided into two main stages: identification of critical information assets and assessment of information security risks for these assets. Information assets are information and information systems that a.organization uses in its work, such as client data storage servers, etc. "Security regulator will monitor the implementation of this methodology b.organizations. The information security risk assessment process will also be reviewed as part of ongoing periodic audits of financial institutions. Agency has the right to request documentary evidence of all stages of risk assessment. It should be said that immediate effect should not be expected, since the risk assessment itself is a rather time-consuming and lengthy process for larg.organizations. Using this method will require the involvement of not only information security and risk specialists, but also key business areas o.organization, including management", Roman Perminov said. Reference: Tasks of the Cybersecurity Division, Agency of the Republic of Kazakhstan for Regulation and Development of Financial Market.
Views: 3915 |
|
|