
Information Security Audit
CSBI has always paid special attention to providing information security, and we have achieved considerable results in this area: during our 15 years in the market of banking solutions development and integration, no incidents of information leakage or hacker attacks on the information systems of the bank were registered. IBS Bankir is considered to be one of the best protected systems in the market. We have now decided to market information security as a single product.
The Central Bank of Russia recommends that information security systems be audited at least once a year. At the same time, timely elimination of possible gaps and generation of missing documentation would help the bank stay in compliance with the Central Bank's requirements on information security.
Information Security Audit Goals:
1. The audit will help give a realistic picture of information protection in a bank and will help minimize the risk of leakage. It is better to invest a small amount of money in evaluating and eliminating “weak spots” in the bank's information security system than to sustain heavy losses in the millions of dollars, as well as reputational losses, from unlawful acts of intruders.
2. The audit will help you understand whether the information security system conforms to the industry standard accepted by the Central Bank of Russia – “Standard STO BR IBBS – 1.0-2006” “Providing the Information Security in Banking Organizations of the Russian Federation”.
3. A full set of documentation on information security will be generated based on the analysis.
Audit Process - Steps to Check the Conformity to the Standard of the Bank of Russia:
1. Initial information security system audit planning.
2. Documentation assessment and analysis.
3. Audit field work.
4. Information security system audit - final report generation and approval.
5. Delivery of regulatory documentation.
6. Completion of information security system audit.

Based on the audit results and upon consultation with the bank the following documentation may be generated:
• Audit report on compliance of the information security of a banking organization with the recommended standard “Providing the Information Security in Banking Organizations of the Russian Federation. General provisions.”
• The information security policy concept.
• Information security policy.
• Statement on information security of the Bank.
• A crisis management contingency plan for core banking systems.
• Sensitive information policy.
• Emergency log book.
• Damage protection plan for information security.
• A guide on making changes to the user lists and assigning users access rights to the information resources of the Bank.
• A guide on introducing changes into the system composition and the technical and software configuration of core banking systems.
• A guide for staff working on the Internet.
• A guide on password security.
• A guide on planning an antivirus strategy.
• Core banking system user guide on information security policy.
• A guide for the security administrator.
• Analytical report on information security audit of the core banking system.
• Requirements for the new software product development process.
• Statement on providing access rights to users of core banking systems.
• Statement on information carrier accounting, storage and usage.
• Statement on data back-up.
• Recommendations on potential damage elimination and information security system improvement.
Why choose CSBI and not an Auditing Firm?
1. We have been in the business of developing and implementing information systems for banks for 15 years. So we know the “vulnerable areas” like no one else and we understand the challenges that banks face. Auditing firms usually limit their study mainly to the regulatory documentation of a bank and do not go in depth in understanding the real situation with information security. Do you need a real or a “virtual” assessment?
2. After analyzing the audit results, we will not only prepare reports and resolutions but will also suggest a follow-up plan to eliminate the ‘bottlenecks’ and improve the information security system of the bank. And if the bank shows interest, we will provide full support in implementing and supporting the suggested changes.
3. CSBI is licensed by the Federal Service of Technical and Export Control to implement steps and render services on technical protection of confidential information, while the quality management system of CSBI complies with the international standa