Information security is a complete comprehensive solution that allows to detect the current threats and information security vulnerability of the information owner and properly organize protection, prevent threats to enterprise information security in the course of data receipt, storage, processing and use or withhold within the framework of the RF legislation.
The Information Security of corporate data assets and telecommunication infrastructure is implemented at the following levels:
● IS audit;
● malware / malicious code protection;
● network security;
● operating system security;
● cryptographical security;
● data base security;
● application security;
● virtual platform security.
The Corporate Information security management is performed in terms of Information Security risk management, updating policies, threat models and Information Security violators. The corporate compliance check of information systems of the company examines whether it corresponds to the requirements of the Information Security internal policies and regulatory documents of the regulators (the RF law, the in-house documents of the FSB (Federal Security Service), the FSTEC (Federal Service for Technical and Export Control), the Roscomnadzor (Federal Supervision Agency for Information Technologies, Communications and Mass Media);
The main functions of the Information Security support system are security incident centralized management, account management, centralized end-to-end authentication, access control and Information Security risk management. Technically, these functions are performed by means of SIEM, IDM, Access Management, ESSO, Risk management class solutions.
Specialized Information Security subsystems bring into effect:
● Malware Effect Information Security;
● Software and hardware security protection against unauthorized access and information leakage (solution class ISS against UA and DLP);
● Network Protection and Security (firewall, network authentication, network equipment configuration analysis);
● Data Base Protection and Security (Data Base Protection Solutions);
● Operating Systems Security (MS Windows, AIX, RedHat Enterprise Linux, Suse Linux, HP-UX, HP-Tru64, OpenVMS, Solaris, z/OS, Linux for System z) both by means of built-in protection settings, and by means of the specialized software (Privileged Identity Management).
● Data Processing Consolidated Center ISS (Information Security System), the Bank of Russia (Moscow);
● Data Processing Consolidated Center ISS (Information Security System), the Bank of Russia (Saint Petersburg);
● Data Processing Consolidated Center ISS (Information Security System), the Bank of Russia (Nizhny Novgorod);
● Information Security Subsystem of CIAS MINSELKHOZ RF (Central Information Analytical System of the Ministry of Agriculture of the RF).