On November 5, 2018, at the international forum Digital Bridge 2018, Dmitry Goloburda, Chairman of the Committee on Information Security of the Ministry, took part in the plenary discussion on the theme “Cyber security: risks, strategy, world experience and new approaches”.
Pete Lindstrom, Vice President on security strategies of the IDC company; Gregory Hay, Managing technical director of DataGig; Binod Hampapur Randagor, Executive Vice President of Infosys; and Zeken Ismailov, Deputy Director of the RSE “STS” of the NSC of the RK (“State Technical Service” of the National Security Committee of the Republic of Kazakhstan), also attended this plenary discussion.
The plenary discussion covered trends in information and cyber security, the factors necessary when designing information security management systems, and current information security risks and threats, as well as their minimization.
As Dmitry Goloburda noted:
«Since January 2018, legislative amendments have entered into force in Kazakhstan to improve the field of information security.
In Kazakhstan, the functions and tasks of the National Information Security Coordination Center (GSOC), Operational Information Security Centers (SOC) and Information Security Incident Response Service (CERT) are legally defined.
In order to ensure information security in the design of management systems, compliance is mandatory with the Uniform requirements in the field of information and communication technologies and information security, approved by the Government of the Republic of Kazakhstan on December 20, 2016, No. 832, which in turn determine the systemic approaches and regulatory issues in the field of information and communication technologies and information security.»
He added that, in order to minimize the likelihood and potential effect of threats, the following 10 recommendations should be followed when using ICT in professional activities:
- Work with mobile devices. Develop a mobile policy and familiarize staff with it. Apply basic security for all devices. Protect data both during transmission and during storage.
- Training and user awareness. Develop an acceptable user security and safe use policy for your systems. Include staff training in this policy. Keep staff aware of information security threats.
- Manage user privileges. Establish effective management processes and limit the number of privileged users. Limit user privileges and monitor their activities. Control access to the event log.
- Terms of use for removable media. Create rules for controlling access to removable media. Limit the types of media and their use. Before connecting to the corporate network, check all media for malware.
- Secure configuration. Update the security system and ensure that the secure configuration of all systems is maintained. Monitor the list of devices connected to the organization's network.
- Malware protection. Develop appropriate policies and install malware protection in your organization.
- Network security. Control the perimeter of the network. Protect your network from external and internal attacks.
- Monitoring. Develop a monitoring strategy. Continually monitor all systems and networks. Analyze the event log in search of activity that may indicate information security events. Monitor and test security controls.
- Incident Management. Provide redundancy and disaster recovery. Develop an Information Security Incident Response Plan.
- Report information security incidents to law enforcement agencies and specialized organizations.