Remote service accounts (RSA) in Ukraine should be modernized
Interview with the Director of the Department of Information Security of the National Bank of Ukraine Dmytro Lukyanov
At a conference in July you said that some of the regulations governing the activities of banks associated with the functioning of systems, remote service accounts (RSA) and information security management system (ISMS), must follow the modern requirements. What's the problem with them?
Lukyanov: In modern conditions of development of information technologies, obviously, the document approved in 2004, cannot meet the challenges in the field of information security. Therefore, approaches to regulate issues of the remote service accounts (RSA), set by the information security instructions from 21.01.2004 №22 "About clearing settlements in the national currencyin Ukraine", do not not meet the needs of modern systems of "client - bank" that exist in the world today.
These approaches need to be modernized. That is why we have included this issue to the strategic development program of the information security of the National Bank of Ukraine (NBU) and the banking system of Ukraine until 2020.
112.ua: What is already done to correct these gaps in the legislation?
Lukyanov: During this time, we began to communicate with banks and gathered suggestions for improvement requirements and minimizing information security risks when using RSA. We have also received information about the vision of the issue from the banks. The results were discussed in terms of Independent Association of Ukrainian Banks in July 2015.
We concluded that practical experience of Ukrainian banks should be taken into consieration to solve the issue of RSA. It is important to follow the new trends and developments of the "client - bank" automation systems.
It should be noted that we plan to create a thematic area with the involvement of bank professionals, RSA software developers. This is to ensure information security, and it's convenience for the consumer.
112.ua: At what stage is the process of building ISMS?
Lukyanov: Question of ISMS is not new for the Ukrainian banks. We rather need to talk bout the further development and improvement of ISMS based on the learned lessons. The NBU Department of Information Security in July 2015 established a Working Group on ISMS. Today it is the only "communication platform" for information security issues between the regulator and banks. Working Group allows us to consider and develop appropriate initiatives/projects documents on-line.
Today there are more than 40 banks in the Working Group on ISMS and more than 50 experts - representatives of the Ukrainian banks and associations. The participants identified five areas of work. Also, thematic sub-groups to work out other issues.
Working Group deals with the application of the new version of line ISO/IEC standards 2700: 2013, an analysis of current approaches of ISMS audits, the question of the possibility and feasibility of using other international standards. After receiving the results, the subgroups will hold the second extended meeting.
- RUSSIA18:22Sergei Oznobischev: "Tea with plutonium"
- FINANCE11:11Mykola Martynenko: "Why Ukraine is called "toxic dead zone" for investments"
- RUSSIA22:00Igor Eidman: "Putin's plutonium bluff"
- POLITICS23:15Volodymyr Vasylenko: "We need to create anti-Putin coalition following example of anti-Hitler, - diplomat"
- UKRAINE CRISIS 22:03Bohdan Yaremenko: "Ukrainian authorities do not think about the next steps, but about today's benefit"
- POLITICS09:44Andreas Umland: "OUN is presented as a standard of Ukrainian patriotism"
- SPORT13:49Bogdan Kulynych: "The price of the victory: Ukraine's "gold" at the Paralympics"
- POLITICS17:45Newt Gingrich: "Former Speaker of US Congress: President Trump to sell arms to Ukraine"
- SPORT10:07Olena Yurkovska: "Ukrainian society beginns to accept Paralympic participants as athletes"
- SPORT21:05 112.ua: "Olympic revelations: Officials did everything so that Ukraine received no medals"
SOCIETY 10:30, 18 July Matriculation campaign 2015: new challenges for Ukraine
18:10, 25 October Parties to Minks group to discuss new disengagement areas in Donbas