Ruslan Rakhmetov, Security Vision
IRP/SOAR/SGRC areas have existed on the Russian IS market relatively recently. We decided to analyse the demand for IRP/SOAR/SGRC systems in the context of legislation and answer the question of what regulatory requirements exist and what is the position of the industry regulator on the most common issues.
In these materials we decided to give only dry facts and to split them into a series of publications as follows:
1. IRP/SOAR in the context of legislation, for:
   a. the financial sector
   b. the CII sector
   c. the public sector
2. SGRC in the context of legislation, for:
   a. the financial sector
   b. the CII sector
   c. the public sector
In our practice, we often come across questions about security certification and about which classes and categories our platform is suitable for. We provide a certificate and say what requirements the platform is certified to. Yet one question remains behind the scenes: what regulations, recommendations and requirements apply to IRP/SOAR/SGRC-class systems?
So let's begin: IRP/SOAR in the context of legislation. The financial sector.
PCI DSS Standard version 3.2.1 dated May 2018, ‘Payment Card Industry Data Security Standard. Security Audit Requirements and Procedures’.
10.1 Implement an event log linking any access to system components to a specific user.
10.2 Implement automated event logging for all system components in order to reconstruct the following events:...
...
10.6 Review the event logs and security events of all system components to detect anomalies or suspicious activity.
...
10.7 Retain event logs for at least one year, and operationally available for at least three months....
...
12.10 Implement an incident response plan. Be prepared to respond immediately to a system breach.
12.10.1 Develop an incident response plan applicable in the event of a system breach....
...
12.10.5 Include in the plan procedures for responding to alerts from security monitoring systems....
Recommendations in the field of standardisation of the Bank of Russia RS BR IBBS-2.5-2014 dated 01.06.2014 ‘Ensuring information security of organisations of the banking system of the Russian Federation. Management of information security incidents’.
6.5.1 It is recommended to include in the composition of technical, including software, means used as part of the activities for detecting and responding to IS incidents (hereinafter - technical means):
- technical means for generating data that are sources of information on IS events and IS incidents, in accordance with the recommendations set forth in clause 6.4.4 of this document;
- technical means for centralised collection of information on IS events, correlation of information on IS events and detection of IS incidents on the basis of established rules (hereinafter referred to as IS monitoring means);
- technical means of control of protective measures applied in the BS RF organisation;
- technical means of automating the processes of response to IS incidents, including storage of information on IS events and IS incidents.
6.5.2 The means of IS monitoring and control of protective measures shall fulfil the following main functions:
- tracking and recording of IS events for the purpose of detecting IS incidents;
- aggregation of received information on IS events, correlation of information on IS events, detection of IS incidents on the basis of criteria and rules established in the BS RF organisation;
- current control of the functioning of the applied information protection means and detection of deviations in their operation from the standard mode;
- current control over the actions of users and operating personnel and detection of irregularities in the operation of technical means.
...
6.5.4 Technical means of automation of IS incident response processes shall ensure the following functions:
- storage and protection of information on IS events and IS incidents;
- classification of IS incidents, determination of attributes of IS incidents in accordance with the classifier of IS incidents applied in the BS RF organisation;
- implementation of role-based access to information on IS incidents for the members of the GRIIB (information security incident response team) in accordance with their assigned roles within the GRIIB;
- tracking and control over the implementation of IS incident response stages and control over the fulfilment by the GRIIB members of the established IS incident response regulations.
...
7.3.1 It is recommended that IS incident detection and response activities be organised in accordance with the following general algorithm:
...
- registration of information on IS events, including collection of information related to the IS event and initial evaluation of the collected information, performed by the GRIIB operator-dispatcher... It is recommended to use technical means of IS monitoring that perform automatic detection of IS incidents from the flow of information on IS events in accordance with the established rules of correlation of IS events;
...
7.3.2 The management of the IS incident response process and the recording of information within the IS incident response process shall be performed through the use of the IS incident classifier. The IS incident classifier shall be used to identify and record information about an IS incident (attributes of an IS incident) identified during the IS incident response process by the BS RF organisation employees involved in IS incident response activities.
7.3.3 The IS incident classifier shall be used to formalise the process of generating an IS incident record of the centralised IS incident database (identification of IS incident attributes) during the IS incident detection and IS incident response phases, including the following activities:
- initial assessment of an IS event, which is performed by determining the values of the selected attributes of an IS incident. The values of these attributes are entered into the IS incident record that is created;
- managing the process of alerting specific members of the GRIIB and the head of the GRIIB depending on the identified attributes of the IS incident;
- deciding whether to escalate an IS incident depending on the defined attributes of the IS incident;
- determination of the values of the IS incident attributes by the employees of the BS RF organisation responding to the IS incident;
- determination of IS incident attribute values based on the results of IS incident closure;
- recording of facts about incorrect (false) classification of an IS event as an IS incident.
7.3.4 When regulating the actions of the GRIIB members and other employees of the BS RF organisation involved in responding to IS incidents, it is recommended to link these actions to the values of individual attributes of the IS incident in the IS incident record, as well as to provide for the maintenance of the IS incident record in accordance with the current IS incident classifier.
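As an added illustration of clauses 7.3.2 to 7.3.4 (this is example code written for this article, not a Bank of Russia tool or a Security Vision product), the block below models an IS incident record whose attribute values are constrained by a classifier and drive three things the standard names: which GRIIB roles are alerted, whether the incident is escalated, and how a false classification of an event as an incident is recorded. The classifier values, roles, routing rules and access rights are constructed assumptions; a real organisation defines its own.

```python
"""Constructed model of an IS incident classifier (RS BR IBBS-2.5-2014, 7.3.2-7.3.4).
Classifier values, roles and routing rules below are assumptions for the example."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed classifier: attribute -> permitted values (set by the organisation in practice)
CLASSIFIER = {
    "category": {"malware", "unauthorised_access", "dos", "fraud_transfer", "other"},
    "severity": {"low", "medium", "high", "critical"},
    "affected_system": {"rbs", "abs", "atm", "workstation", "network"},
    "status": {"registered", "in_progress", "closed", "false_positive"},
}

# Constructed alerting matrix: an attribute value -> GRIIB roles to notify (7.3.3, second bullet)
ALERT_ROUTING = {
    ("severity", "critical"): {"griib_head", "on_duty_responder", "ciso"},
    ("severity", "high"): {"griib_head", "on_duty_responder"},
    ("category", "fraud_transfer"): {"fraud_analyst"},
    ("affected_system", "abs"): {"abs_admin"},
}

# Constructed role-based access to incident records (6.5.4, third bullet)
ROLE_ACCESS = {
    "griib_head": {"read", "write", "close"},
    "on_duty_responder": {"read", "write"},
    "fraud_analyst": {"read", "write"},
    "abs_admin": {"read"},
    "ciso": {"read"},
}


@dataclass
class IncidentRecord:
    incident_id: str
    attributes: dict = field(default_factory=dict)
    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
    history: list = field(default_factory=list)  # who set which attribute to what

    def set_attribute(self, name, value, actor):
        """Accept only classifier values (7.3.4) and only from roles allowed to write."""
        if name not in CLASSIFIER or value not in CLASSIFIER[name]:
            raise ValueError(f"{name}={value!r} is not in the incident classifier")
        if "write" not in ROLE_ACCESS.get(actor, set()):
            raise PermissionError(f"role {actor!r} may not modify incident records")
        self.attributes[name] = value
        self.history.append((actor, name, value))


def register_incident(incident_id, initial_attributes, operator="on_duty_responder"):
    """Initial assessment: the operator-dispatcher fills the selected attributes (7.3.3, first bullet)."""
    rec = IncidentRecord(incident_id)
    for name, value in initial_attributes.items():
        rec.set_attribute(name, value, operator)
    rec.set_attribute("status", "registered", operator)
    return rec


def roles_to_alert(rec):
    """Union of roles whose routing rule matches one of the record's attribute values."""
    roles = set()
    for (attr, value), targets in ALERT_ROUTING.items():
        if rec.attributes.get(attr) == value:
            roles |= targets
    return roles


def must_escalate(rec):
    """Escalation decision driven by attributes (7.3.3, third bullet); thresholds are assumptions."""
    return (rec.attributes.get("severity") in {"high", "critical"}
            or rec.attributes.get("category") == "fraud_transfer")


def mark_false_positive(rec, actor):
    """Record that an IS event was incorrectly classified as an incident (7.3.3, last bullet)."""
    rec.set_attribute("status", "false_positive", actor)
    return rec
```

Keeping the routing and escalation tables keyed on classifier values, rather than hard-coding them in the response playbook, is what lets the organisation change its classifier (clause 7.3.4) without rewriting the alerting logic.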
Standard of the Bank of Russia STO BR BFBO-1.5-2018 dated 01.11.2018 ‘Security of financial (banking) operations. Management of information security incidents. On the forms and terms of interaction of the Bank of Russia with the participants of information exchange when identifying incidents related to violation of information security requirements’.
3.2 For the purposes of this Standard, an incident related to a breach of information security requirements shall mean one or a series of related undesirable or unexpected information security events that may lead or have led to the following negative consequences:
transfer of funds without the client's consent;
carrying out a financial (banking) transaction without the client's consent;
failure to provide or untimely provision of money transfer services;
failure to render or untimely rendering of financial (banking) services.
Information protection events include the following events:
(a) Receipt of notifications by the participants of information exchange...
...
b) identified occurrence and (or) change of state of a set of objects and access resources, means and systems of information processing, including automated systems (hereinafter - AS) used to ensure informatisation of business processes and (or) technological processes of participants of information exchange, resulting in the following consequences....
Standard of the Bank of Russia STO BR IBBS-1.3-2016 dated 01.01.2017 ‘Ensuring information security of organisations of the banking system of the Russian Federation. Collection and analysis of technical data when responding to information security incidents in the course of money transfers’.
6.1 It is recommended to collect technical data within the framework of the established and documented activities on collection and recording of information on IS incidents, performed in accordance with RS BR IBBS-2.5.
As part of the activities for collecting and recording information on IS incidents, it is recommended that for each IS incident, in addition to the collection of technical data, the collection and documentation of overview information on the IS incident be ensured: an IS incident profile describing:
- the manner in which the IS incident was identified;
- the source of information about the IS incident;
- the content of the IS incident information received from the source;
- the scenario of the IS incident realisation;
- the date and time when the IS incident was detected;
- the composition of the information infrastructure involved in the IS incident, including that affected by the IS incident, its criticality level for the BS RF organisation's activities;
- methods of connecting the information infrastructure involved in the IS incident to the Internet or public networks;
- contact information of the BS RF organisation's employees whose area of responsibility includes ensuring the operation of the information infrastructure involved in the IS incident;
- information on the telecom operator and Internet provider.
...
It is recommended to realise the collection of the following technical data:
6.3.1 Customer information infrastructure:
- non-volatile technical data located on the storage devices of the computer hardware equipment (CME) used by clients to access RBS systems:
  - server equipment;
  - desktop computers, laptops;
  - mobile devices and tablets;
- volatile technical data located in the RAM of the CME used by clients to access RBS systems;
- volatile technical data of the operating systems of the CME used by clients to access RBS systems:
  - data on network configurations;
  - data on network connections;
  - data on running software processes;
  - data on open files;
  - list of open access sessions;
  - system date and time of the operating system;
- registration protocols (logs) of telecommunication equipment used by clients to access RBS systems:
  - routers, switches, wireless access points and controllers, modems;
  - DHCP services;
- registration protocols (logs) of information protection means:
  - means (systems) of authentication, authorisation and access delimitation for RBS systems;
  - intrusion protection means placed on the CME used by clients to access RBS systems;
  - firewalls;
  - intrusion and network attack detection tools;
  - anti-virus protection means;
  - cryptographic information protection means (hereinafter referred to as SCPI) used in RBS systems;
- registration protocols (logs) and data of mail servers and e-mail content filtering facilities;
- network traffic data from (to) the segment(s) of the computer network in which the CME used by clients to access RBS systems are located;
- registration protocols (logs) of automatic telephone exchanges;
- registration protocols (logs) and data of video surveillance and access control systems used to control access to the premises where the CME used by clients to access RBS systems are located;
- key information carriers of the SCPI used in RBS systems.
6.3.2 Information infrastructure of the BS RF organisation:
- non-volatile technical data located on the storage devices of the CME of the target systems:
  - server equipment of the target systems;
  - server equipment supporting the functioning of the information infrastructure of the target systems;
  - CME used for administration of the target systems;
  - ATMs and POS terminals;
- volatile technical data located in the RAM of the CME of the target systems:
  - CME used for administration of the information infrastructure of the target systems;
  - server equipment of the target systems;
  - server equipment supporting the functioning of the information infrastructure of the target systems;
- volatile technical data of the operating systems of the CME of the target systems, comprising:
  - data on network configurations;
  - data on network connections;
  - data on running software processes;
  - data on open files;
  - list of open access sessions;
  - system date and time of the operating system;
- registration protocols (logs) of the target systems;
- registration protocols (logs) of telecommunication equipment used in the information infrastructure of the target systems:
  - routers, switches, wireless access points and controllers, modems;
  - means used to provide remote access (VPN gateways);
- registration protocols (logs) of information protection means used in the information infrastructure of the target systems:
  - means (systems) of authentication, authorisation and access delimitation;
  - firewalls;
  - intrusion and network attack detection tools, including for DDoS attacks;
  - DHCP services;
  - intrusion protection means placed on the CME used to administer the information infrastructure of the target systems;
  - anti-virus protection means of the information infrastructure;
  - SCPI;
- registration protocols (logs) and data of mail servers and e-mail content filtering facilities;
- registration protocols (logs) and data of web servers and web-protocol content filtering facilities;
- registration protocols (logs) of database management systems (hereinafter referred to as DBMS);
- network traffic data from (to) the segment(s) of the computer network where the target systems are located;
- registration protocols (logs) of automatic telephone exchanges;
- registration protocols (logs) and data of video surveillance and access control systems used to control access to the premises where the CME of the target systems are located.
...
6.4 Recommendations on provision of necessary technical means and tools for collection and processing of technical data.
To implement the collection and processing of technical data, it is recommended that the BS RF organisation ensure the availability of the following ready-to-use technical means and tools:
...
- technical tools for the centralised collection, storage and analysis of logs, as well as for automated processing of the collected technical data (e.g. log management systems, SIEM systems);
...
12.3 The BS RF organisation is recommended to use a unified set of technical means and systems (sources of technical data) for all target systems, and to implement a system for the centralised collection and storage of logs (e.g. a SIEM system).
When implementing the system for the centralised collection and storage of logs, it is recommended to provide for:
- centralised collection and storage of the technical data of registration protocols (logs) formed by the sources of technical data specified in clause 12.1 of this standard;
- collection of technical data by a combination of the following methods:
  - periodic automatic copying of registration protocols (logs);
  - receiving data transmitted by means of audit and diagnostic protocols (including SYSLOG, SNMP);
  - periodically collecting data on the actual composition of the technical means and systems that are sources of technical data, using inventory and security assessment tools and remote administration protocols (system scanning);
  - copying network traffic;
- control of the operability of the technical means used to collect registration protocols (logs);
- storage of the collected technical data, including archival storage, which ensures:
  - control and logging of access to the collected technical data;
  - implementation of protective measures aimed at ensuring the confidentiality, integrity and availability of the collected technical data;
  - prohibition of individual modification and (or) deletion of the collected technical data;
  - the possibility of establishing the operational storage period of technical data;
  - archival storage upon expiry of the operational storage period, implemented, if necessary, by external archival storage systems;
  - the possibility of accessing archived data on information security events for analysis for three years;
- protection of the collected technical data from unauthorised access, with mutual authentication when public computer networks, including the Internet, are used to transmit the said data;
- guaranteed delivery of data on information security events;
- harmonisation of similar technical data generated by different sources of technical data to a unified format;
- the possibility of combining and correlating technical data generated by different sources of technical data within one common IS incident;
- bringing (synchronising) the time stamps of records in electronic IS event logs to a single time zone and a single reference time...
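The following block is an added example (written for this article; it is not part of STO BR IBBS-1.3, of PCI DSS, or of any product) showing, in a few dozen lines, the functions that clause 12.3 above and PCI DSS 10.7 earlier in the article ask a centralised log collection system to provide: harmonising records from two different sources to one format, bringing their time stamps to a single reference time (UTC), storing them so that individual modification or deletion is detectable, correlating records from different sources within one candidate IS incident, and deciding whether a record is in its operational storage period, archived, or past retention. The two log formats, the sample lines, the host names and IP addresses are constructed for the example; the default retention periods are the PCI DSS 10.7 values (three months online, one year retained) and are parameters, so the three-year archive access period of clause 12.3 can be set instead.

```python
"""Constructed model of centralised log collection functions (STO BR IBBS-1.3-2016 12.3, PCI DSS 10.7).
Log formats, sample lines, hosts and addresses are assumptions made for this example."""
import hashlib
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample records: a firewall line in a syslog-like format carrying a +03:00 local
# time, and an authentication-system line in key=value format with an explicit UTC time.
SAMPLE_LINES = [
    ("fw", "2024-03-01T12:00:05+03:00 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=443"),
    ("auth", "ts=2024-03-01T09:00:20Z host=rbs-web01 user=ivanov src=203.0.113.7 result=FAIL"),
    ("auth", "ts=2024-03-01T09:00:25Z host=rbs-web01 user=ivanov src=203.0.113.7 result=FAIL"),
    ("fw", "2024-03-01T15:00:00+03:00 fw01 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=443"),
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) (?P<kv>.*)$")


def _kv(text):
    return dict(pair.split("=", 1) for pair in text.split())


def normalise(source, line):
    """Harmonise a raw record to the unified format {time (UTC ISO), source, host, src_ip, event}."""
    if source == "fw":
        m = FW_RE.match(line)
        if not m:
            raise ValueError("unparsable firewall line")
        fields = _kv(m["kv"])
        ts, host, event = m["ts"], m["host"], m["action"]
    elif source == "auth":
        fields = _kv(line)
        ts, host, event = fields["ts"], fields["host"], "AUTH_" + fields["result"]
    else:
        raise ValueError(f"unknown source {source!r}")
    # Single reference time: every time stamp is converted to UTC (12.3, last bullet)
    t = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return {"time": t.isoformat(), "source": source, "host": host,
            "src_ip": fields.get("src"), "event": event}


class HashChainStore:
    """Append-only store in which each record carries the hash of the previous one, so that a
    modified or deleted record breaks verification (prohibition of individual modification)."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []
        self._last = self.GENESIS

    def append(self, event):
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((self._last + body).encode()).hexdigest()
        self.records.append({"prev": self._last, "body": body, "hash": digest})
        self._last = digest

    def verify(self):
        prev = self.GENESIS
        for r in self.records:
            expected = hashlib.sha256((prev + r["body"]).encode()).hexdigest()
            if r["prev"] != prev or r["hash"] != expected:
                return False
            prev = r["hash"]
        return True


def correlate(events, window=timedelta(minutes=5)):
    """Combine records from different sources that share a source IP within a time window into
    one candidate incident; groups seen by only one source are not reported."""
    by_ip = {}
    for ev in sorted(events, key=lambda e: e["time"]):  # all times are UTC ISO, so sortable
        by_ip.setdefault(ev["src_ip"], []).append(ev)
    incidents = []
    for evs in by_ip.values():
        groups = [[evs[0]]]
        for ev in evs[1:]:
            last = datetime.fromisoformat(groups[-1][-1]["time"])
            if datetime.fromisoformat(ev["time"]) - last <= window:
                groups[-1].append(ev)
            else:
                groups.append([ev])
        incidents += [g for g in groups if len({e["source"] for e in g}) > 1]
    return incidents


def retention_tier(event_time_iso, now, operational=timedelta(days=90), total=timedelta(days=365)):
    """Operational storage period vs archive vs past retention; defaults are the PCI DSS 10.7 values."""
    age = now - datetime.fromisoformat(event_time_iso)
    if age <= operational:
        return "operational"
    if age <= total:
        return "archive"
    return "expired"
```

Note that correlation only works because normalisation already placed both sources on one clock: the firewall line at 12:00:05 local time and the authentication failures at 09:00:20 UTC are fifteen seconds apart, which is only visible once the +03:00 offset has been removed.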
Standard of the Bank of Russia STO BR IBBS-1.0-2014 dated 01.06.2014 ‘Ensuring Information Security of Organisations of the Banking System of the Russian Federation. General Provisions’.
Information Security System; ISS: A set of protective measures, protective means and processes of their operation, including resource and administrative (organisational) support.
5.23. ... Monitoring of events and incidents in the ISS (information security system) is used as an operational measure to maintain the defence system at an appropriate level. The management of security events and incidents derived from IS monitoring avoids degradation and ensures the required level of asset security.
...
7.4.4 The BS RF organisation shall define, implement, record and control rules and procedures for IS monitoring, analysis and storage of data on activities and transactions to detect abusive or suspicious operations and transactions....
...
The BS RF organisation should implement the maintenance of logs of actions and transactions of automated workstations, server and network equipment, firewalls and automated banking systems (ABS) for use in responding to IS incidents.
...
Specialised software and/or hardware should be used for IS monitoring procedures and analysis of action and operation data.
IS monitoring procedures and analyses of data on actions and transactions should use fixed criteria for identifying illegal or suspicious actions and transactions. The specified IS monitoring and analysis procedures shall be applied on a regular basis, e.g. daily, to all performed actions and operations (transactions).
...
7.7.9 In order to increase the level of security in the operation of SCPI (cryptographic information protection means) and their key systems, it is recommended to implement IS monitoring procedures that record all significant events that took place during the exchange of cryptographically protected data and all IS incidents.
...
8.1.3 Among other things, it is important to perform such activities as organising IS training and awareness raising, implementing detection and response to IS incidents, and ensuring business continuity of the BS organisation (banking system) of the Russian Federation.
...
8.1.6 The following groups of requirements should be fulfilled for successful functioning of the ISMS (information security management system) in the BS organisation of the RF:
...
requirements for the organisation of detection and response to security incidents;
...
requirements for monitoring of the ISMS (information security management system) and control of protective measures;
...
8.10. Requirements for organising the detection of and response to information security incidents
8.10.1 Incident handling procedures shall be defined, implemented, recorded and monitored, including:
- procedures for detecting IS incidents;
- procedures for reporting incidents, including reporting to the IS service;
- procedures for classifying incidents and assessing the damage caused by an IS incident;
- procedures for incident response;
- procedures for analysing the causes of IS incidents and assessing the results of response to IS incidents (if necessary, with the participation of external IS experts).
8.10.2 Procedures for storing and disseminating information on IS incidents, IS incident analysis practices and IS incident response results shall be defined, implemented, recorded and monitored.
8.10.3 The actions of the BS RF organisation's employees in detecting and reporting atypical IS events shall be defined, implemented, recorded and controlled. The organisation's employees shall be aware of these procedures.
8.10.4 The procedures for investigating IS incidents shall take into account the legislation of the Russian Federation, the provisions of the regulations of the Bank of Russia, and the internal documents of the BS RF organisation in the field of IS.
8.10.5 The BS RF organisations shall make, record and implement decisions on all identified IS incidents.
8.10.6 The BS RF organisation shall define the roles of detection, classification, response, analysis and investigation of IS incidents and assign responsibility for the performance of these roles.
...
8.12. Requirements for information security monitoring and control of protective measures
8.12.1 Procedures for IS monitoring and control of protective measures, including control of configuration parameters and settings of security features and mechanisms, shall be defined, performed and recorded. The implementation of these procedures shall be organised by the IS service, covering all implemented and operated protective measures included in the ISS.
8.12.2 Procedures for collecting and storing information on the actions of the BS RF organisation's employees, events and parameters relevant to the operation of protective measures shall be defined, performed, recorded and monitored.
8.12.3 Information on all incidents identified in the process of IS monitoring and control of protective measures shall be recorded as part of the implementation of procedures for the storage of information on IS incidents.
8.12.4 The procedures for IS monitoring and control of protective measures shall be subject to regular, recorded revisions due to changes in the composition and use of protective measures, identification of new IS threats and vulnerabilities, and on the basis of IS incident data.
8.12.5 The BS RF organisation shall define the roles related to the implementation of IS monitoring procedures and control of protective measures, as well as the revision of the said procedures, and designate those responsible for the performance of the said roles.
...
8.15. Requirements for analysing the functioning of the information security assurance system.
8.15.1 Procedures for analysing the functioning of the ISMS shall be defined, performed, recorded and monitored, using, inter alia:
- results of IS monitoring and control of protective measures;
- information on IS incidents;
...
8.16. Requirements for the analysis of the information security system by the management of the organisation of the banking system of the Russian Federation.
8.16.1 The organisation of the banking system of the Russian Federation should establish a list of documents (data) required for the formation of information to be provided to the management for the purpose of the ISMS analysis. In particular, this list of documents should include:
- reports with the results of IS monitoring and control of protective measures;
...
- documents containing information on identified IS incidents;
...
8.17. Requirements for making decisions on tactical improvements to the information security assurance system.
8.17.1 Decision-making related to tactical improvements to the ISMS shall consider, among other things, the results of:
- IS monitoring and control of protective measures;
...
- the handling of IS incidents;
...
8.18. Requirements for making decisions on strategic improvements to the information security assurance system.
8.18.1 Decision making related to strategic improvements to the ISMS requires consideration of, among other things, the results of:
...
- IS monitoring and control of protective measures;
...
- ... the handling of IS incidents;
...
9.2 The main objectives of IS monitoring and control of protective measures in the BS RF organisation are operational and continuous observation, collection, analysis and processing of data for specified purposes. Such analysis objectives may be:
...
- identification of IS incidents.
Bank of Russia document No. 4-MR dated 14.02.2019 ‘Methodological Recommendations on neutralisation by banks of security threats relevant in the processing, including collection and storage, of biometric personal data, their verification and transmission of information on the degree of their compliance with the provided biometric personal data of a citizen of the Russian Federation’.
4.1 Banks are recommended to ensure registration of incidents related to violations of information protection requirements during processing, including collection, as well as transmission of biometric personal data for remote identification purposes.
4.2 Banks are recommended to inform the Bank of Russia about identified incidents related to violations of information security requirements for processing, including collection and transmission of biometric personal data for remote identification purposes.
4.2.1 It is recommended to send to the Bank of Russia information about identified incidents related to violations of information protection requirements for processing, including collection and transmission of biometric personal data for remote identification purposes using the technical infrastructure (automated system) of the Bank of Russia.
4.2.2 Banks are recommended to send information on identified incidents related to violations of information protection requirements for processing, including collection and transmission of biometric personal data for remote identification purposes, according to the submission forms posted on the official website of the Bank of Russia in the information and telecommunication network ‘Internet’.
4.3 It is recommended to inform the Bank of Russia about the identified incidents related to violations of the requirements to information security in the processing, including collection, as well as transmission of biometric personal data for remote identification purposes as soon as possible, if possible, not exceeding one working day from the moment of identification of the incident.
Order of the Ministry of Communications of Russia No. 321 of 25.06.2018 ‘On approval of the procedure for processing, including collection and storage, of biometric personal data parameters for identification purposes, the procedure for placing and updating biometric personal data in the unified biometric system, as well as requirements for information technologies and technical means intended for processing biometric personal data for identification purposes’.
9. In addition to the measures stipulated by Clause 7 of this Procedure, banks shall ensure:
1) informing the Bank of Russia about identified incidents related to violations of requirements to ensure information protection during processing, including collection and storage, of biometric personal data parameters for identification purposes (hereinafter - security incidents, information protection requirements, respectively), which have led or may lead to violation or attempts to violate integrity, confidentiality and (or) availability of protected information.
Banks shall inform the Bank of Russia of identified security incidents no later than one working day from the moment of their identification.
...
Appendix 2 to Order of the Ministry of Communications of Russia No. 321.
6. When placing and updating information in the unified biometric system, banks shall inform the Bank of Russia of identified security incidents in accordance with subparagraph 1 of paragraph 9 of the Procedure for Processing.
Appendix 3 to Order of the Ministry of Communications of Russia No. 321.
5. When processing, including collection and storage, of biometric personal data parameters for identification purposes, banks shall use information technologies and technical means that comply with the 2nd level of information protection (standard) established by the national standard of the Russian Federation GOST R 57580.1-2017 ‘National Standard of the Russian Federation. Security of financial (banking) operations. Protection of information of financial organisations. Basic set of organisational and technical measures’, approved by the order of the Federal Agency for Technical Regulation and Metrology dated 8 August 2017 No. 882-st ‘On Approval of the National Standard’ (M., FSUE ‘Standardinform’, 2017).
Regulation of the Bank of Russia No. 716-P dated 08.04.2020 ‘On Requirements to the Operational Risk Management System in a Credit Organisation and a Banking Group’.
1.3 The operational risk management system in a credit organisation (head credit organisation of a banking group) includes the following elements:
...
event database;
...
an automated information system, the scope and functionality of which is determined by the operations and (or) existing processes of a credit institution (head credit institution of a banking group), which ensures functioning of both the operational risk management system as a whole and its separate elements (e.g., event database), including data integrity and protection from distortion;
...
2.1.2 Collection and registration of information on internal operational risk events and losses from its realisation, including the following methods:
Automated identification of information from information systems on realised or possible future operational risk events;
...
2.1.7 Monitoring of operational risk, including the following methods:
...
monitoring of information flows within the framework of operational risk implementation from subdivisions of a credit institution (head credit institution of a banking group) and centres of competence, sole and collegial management bodies of a credit institution (head credit institution of a banking group), from other sources of information.
...
4.1.5 A set of measures aimed at improving the quality of the operational risk management system and reducing the negative impact of operational risk, including measures aimed at preventing and (or) reducing the probability of operational risk events and measures aimed at limiting the amount of losses from the realisation of operational risk events.
...
Measures aimed at limiting the amount of losses from the realisation of operational risk events include:
...
development by a credit institution (head credit institution of a banking group) of plans to ensure continuity and (or) recovery of critical processes and functioning of information systems, including automated systems, software and (or) hardware and software, telecommunication equipment and communication lines, the operation and use of which is ensured by a credit institution (head credit institution of a banking group) for the performance of processes and operations (hereinafter referred to as ‘information objects’).
...
7.3 Incidents resulting in the actual realisation of information security risk, including cyber risk, caused by sources of information security risk, including incidents related to violations of the requirements to information protection in the course of money transfers established in accordance with Regulation of the Bank of Russia No. 382-P dated 9 June 2012 ... and Regulation of the Bank of Russia No. 683-P dated 17 April 2019 ... (hereinafter referred to as information security incidents) resulting in direct and indirect losses of a credit institution (head credit institution of a banking group) (hereinafter referred to as information security risk events) shall be recorded by the credit institution (head credit institution of a banking group) in the event database with the assignment of the operational risk type....
7.7 For the purpose of information security risk management, a credit organisation (head credit organisation of a banking group) shall define in its internal documents the procedure for functioning of the information security system and ensure its implementation, including:
...
detection of information security risk events, including detection of computer attacks, consideration of applications from customers, counterparties, employees and third parties related to information security breaches, detection and registration of information protection incidents, detection of vulnerabilities and facts of compromise of information infrastructure objects;
procedures for responding to identified information security risk events and restoring the credit institution's (head credit institution of the banking group) operations in case of such events, including procedures for interaction of the credit institution (head credit institution of the banking group) with customers and third parties, including in case of receiving notifications of money transfers without customers' consent;
exchange of information on information security risk events, including information protection incidents, and submission of data to the Bank of Russia in accordance with the requirements of Clause 8 of Bank of Russia Regulation No. 683-P;
...
fulfilment of requirements for information protection in banking activities related to the transfer of funds in accordance with Clause 5 of Bank of Russia Regulation No. 683-P;
...
7.9.2 For the purpose of information security risk management:
compliance with the operational risk management procedures set out in subparagraphs 2.1.1, 2.1.2 and 2.1.7 of clause 2.1 of these Regulations in terms of identification, collection and registration of information on information security risk events and losses in the event database, monitoring of information security risk, including on the basis of information provided by the competence centres responsible for collecting information on operational risk events;
maintaining the information security risk event database;
...
Regulation of the Bank of Russia No. 672-P of 09.01.2019 ‘On Requirements to Information Protection in the Payment System of the Bank of Russia’.
6.1 Documents shall be adopted for the following information protection processes (areas) defined by GOST R 57580.1-2017:
...
information protection incident management;
...
19.1. Appeals to suspend the exchange of electronic messages in case of detection of an incident related to non-compliance with information protection requirements and appeals to cancel the suspension of the exchange of electronic messages (hereinafter jointly referred to as appeals) shall be sent using the technical infrastructure (automated system) of the Bank of Russia.
Regulation of the Bank of Russia No. 684-P dated 17.04.2019 ‘On Establishment of Mandatory Requirements for Non-Credit Financial Organisations to Ensure Information Protection in the Course of Activities in the Field of Financial Markets in order to Counteract Illegal Financial Transactions’.
13. Non-credit financial organisations that implement enhanced and standard levels of information protection shall register incidents related to violations of the requirements to information protection in carrying out activities in the sphere of financial markets (hereinafter - information protection incidents), as well as provide information on the identified information protection incidents to the official (separate structural subdivision) responsible for risk management, if there is such an official (separate structural subdivision).
13.1 Non-credit financial institutions implementing enhanced and standard levels of information protection shall refer to information protection incidents as events that have led or may lead, according to the assessment of the said non-credit financial institutions, to financial transactions without the consent of the client of the non-credit financial institution, or to failure to provide services related to financial transactions, including events included in the list of types of incidents agreed with the federal executive authority authorised in the field of information protection.
13.2 For each incident of information protection, non-credit financial organisations implementing enhanced and standard levels of information protection shall register the following information:
protected information at the technological areas where unauthorised access to protected information occurred;
the result of response to an incident of information protection, including actions taken to return funds, securities and other property of the client of the non-credit financial institution.
14. Non-credit financial organisations implementing enhanced and standard levels of information protection shall ensure:
storage of information specified in paragraphs two and four of item 1 of these Regulations, information on registration of data specified in item 12 of these Regulations, and information on information protection incidents;
integrity and availability of the information specified in paragraph one of this clause for at least five years from the date of its formation by the non-credit financial institution (date of receipt by the non-credit financial institution), and if the legislation of the Russian Federation regulating the activities of non-credit financial institutions establishes a different period - for the period established by the legislation of the Russian Federation regulating the activities of non-credit financial institutions.
15. Non-credit financial organisations implementing enhanced and standard levels of information protection shall inform the Bank of Russia:
on identified information protection incidents included in the list of incident types;
on planned events, including press releases and press conferences, placement of information on official Internet sites, regarding information protection incidents no later than one working day prior to the day of the event.
Regulation of the Bank of Russia No. 683-P dated 17.04.2019 ‘On Establishing the requirements mandatory for credit institutions to ensure information protection when carrying out banking activities in order to counteract the implementation of money transfers without the client's consent’.
5.2 Credit organisations shall ensure regulation, implementation, control (monitoring) of the technology of processing protected information...
5.2.3 Data on the actions of employees performed using automated systems and software shall be registered....
5.2.4 Data on customer actions performed using automated systems and software are subject to registration....
5.2.5 Credit organisations shall ensure storage:
...
information specified in subparagraphs 5.2.3 and 5.2.4 of this paragraph, paragraph 8 of these Regulations.
Credit organisations shall ensure the integrity and availability of the information specified in this subparagraph for at least five years from the date of its formation (receipt).
...
8. Credit institutions shall refer to incidents related to violations of information protection requirements in banking activities related to funds transfer (hereinafter - information protection incidents) as events that have led or may lead to banking operations without the customer's consent, or to failure to provide services related to banking operations, including those included in the list of incident types agreed with the federal executive authority authorised in the field of banking operations.
Credit institutions shall establish in their internal documents the procedure for registration of information protection incidents and information exchange with the risk management service established in accordance with clause 3.6 of the Bank of Russia's Instruction No. 3624-U dated 15 April 2015 ‘On Requirements to the Risk and Capital Management System of a Credit Institution and a Banking Group’ registered by the Ministry of Justice of the Russian Federation on 26 May 2015 No. 37388, 28 December 2015 No. 40325, 7 December 2017 No. 49156, 5 September 2018 No. 52084. Information on information protection incidents shall be sent to the Bank of Russia's Risk Management Service.
Credit organisations must ensure that information protection incidents are registered.
For each information protection incident, credit organisations must ensure registration of:
protected information processed at the technological site(s) where unauthorised access to protected information occurred;
the result of response to the information protection incident, including actions to return cash or electronic funds.
Credit organisations must inform the Bank of Russia:
on identified information protection incidents included in the list of incident types;
on planned measures to disclose information on information protection incidents, including placing information on official Internet sites, issuing press releases and holding press conferences no later than one working day before the day of the event.
...
Resolution of the Government of the Russian Federation No. 584 of 13.06.2012 ‘On Approval of the Regulation on Information Protection in the Payment System’.
4. Rules of the payment system shall provide for, among other things, the following requirements to the protection of information:
...
g) identification of incidents related to violation of information protection requirements, response to them;
...
Regulation of the Bank of Russia No. 719-P of 04.06.2020 ‘On Requirements to Information Protection in the Process of Money Transfers and on the Procedure of Control by the Bank of Russia over Compliance with Requirements to Information Protection in the Process of Money Transfers’ shall come into effect from 01 January 2022, replacing Regulation of the Bank of Russia No. 382-P of 09.06.2012.
1.5 Money Transfer Operators and Payment Infrastructure Service Operators with regard to the requirements to information protection in the course of money transfers applied to informing the Bank of Russia about incidents (events) related to violation of the requirements to information protection in the course of money transfers, including those included in the list of types of incidents agreed with the federal executive body authorised to ensure the functioning of the state
on identified information protection incidents included in the list of incident types;
on planned measures to disclose information on information protection incidents, including placing information on official Internet sites, issuing press releases and holding press conferences, not later than one working day before the day of the event.
...
2.6 Money Transfer Operators shall establish the procedure for informing them by the bank payment agents (subagents) engaged by them, information exchange service operators about the identified information protection incidents. Money transfer operators shall, upon request of the Bank of Russia, send to the Bank of Russia information on information protection incidents received from their bank payment agents (subagents), information exchange service providers.
5.1 For the purpose of implementation of paragraph 11 of part 3 of Article 28 of Federal Law No. 161-FZ (Collected Legislation of the Russian Federation, 2011, No. 27, article 3872) within the framework of the risk management system in the payment system, the payment system operator shall define in the rules of the payment system and other documents the procedure for ensuring protection of information in the payment system for money transfer operators that are members of the payment system, operators of payment infrastructure services, taking into account the requirements for ensuring protection of information when effecting transfers of money.
The operator of the payment system shall determine the requirements for ensuring protection of information in the payment system in respect of the following measures:
...
implementation by money transfer operators that are participants of the payment system and operators of payment infrastructure services of the processes of response to information protection incidents and restoration of regular functioning of information infrastructure facilities in case of information protection incidents;
implementation by money transfer operators that are participants of the payment system and operators of payment infrastructure services of interaction when exchanging information on information protection incidents;
...
5.2 In order to reduce information security risk in the payment system, the payment system operator shall implement mechanisms to improve the requirements specified in paragraph 5.4 of these Regulations, including accumulation and recording of experience in responding to information protection incidents and restoring the functioning of the payment system after they occur.
...
5.4 The payment system operator shall ensure that information is recorded and available for money transfer operators, which are members of the payment system, and operators of payment infrastructure services:
on information protection incidents identified in the payment system;
on methods of analysing and responding to information protection incidents.
...
Annex 1 to the Regulation of the Bank of Russia No. 719-P dated 04.06.2020.
1. The following technological measures may be applied by bank payment agents (subagents), operators of information exchange services, operators of payment infrastructure services in order to ensure information protection in transactions related to funds transfers.
...
1.10. Ensuring storage of protected information, information on events subject to registration, information on information protection incidents within five years from the date of formation of information in unaltered form.
...
Regulation of the Bank of Russia No. 382-P of 09.06.2012 (as amended on 07.05.2018) ‘On Requirements for Information Protection in Money Transfers and on the Procedure for Control by the Bank of Russia of Compliance with Requirements for Information Protection in Money Transfers’, which is valid until 01 January 2022, when the new Regulation of the Bank of Russia No. 719-P of 04.06.2020 ‘On Requirements for Information Protection in Money Transfers and on the Procedure for Control by the Bank of Russia of Compliance with Requirements for Information Protection in Money Transfers’ comes into force.
Requirements:
2.2 The requirements for ensuring information protection when carrying out money transfers include:
...
requirements for identifying and responding to incidents related to violations of the requirements for ensuring information protection in carrying out money transfers;
...
2.13. The following requirements shall be included in the requirements for identifying and responding to incidents related to violations of the requirements to information security in the process of money transfers:
2.13.1. The Operator of the payment system shall determine:
requirements to the procedure, form and terms of informing the payment system operator, money transfer operators and operators of payment infrastructure services about incidents identified in the payment system related to violations of requirements to information security in carrying out money transfers; informing the payment system operator about incidents identified by money transfer operators that are participants of the payment system and operators of payment infrastructure services engaged to provide payment services;
requirements for interaction of the payment system operator, money transfer operators and operators of payment infrastructure services in case of identification in the payment system of incidents related to violations of requirements to information security in the course of money transfers.
The money transfer operator and the operator of payment infrastructure services shall ensure fulfilment of the requirements specified in this subparagraph.
2.13.2 The money transfer operator, bank payment agent (subagent), operator of payment infrastructure services shall ensure:
application of organisational measures of information protection and (or) use of technical means of information protection intended for detection of incidents related to violations of requirements to information protection in the course of money transfers;
informing the information security service, if any, of the identification of incidents related to violations of information protection requirements in the course of money transfers;
responding to the identified incidents related to violations of information protection requirements for money transfers;
analysing the causes of the identified incidents related to violations of information protection requirements in the course of money transfers, and assessing the results of response to such incidents.
2.13.3 The payment system operator shall ensure accounting and accessibility for money transfer operators, which are members of the payment system, and operators of payment infrastructure services, engaged for provision of payment infrastructure services in the payment system, of information:
on incidents identified in the payment system related to violations of requirements to information security in the course of money transfers;
on methods of analysing and responding to incidents related to violations of requirements to information security in the course of money transfers.
2.16.2 The information sent by money transfer operators and operators of payment infrastructure services, except for operational centres located outside the Russian Federation, to the payment system operator for the purposes of analysis of information security in the payment system in the course of money transfers shall include the following information:
...
on identified incidents related to violations of requirements to information security in the process of funds transfers;
...
2.18.6. The Money Transfer Operator shall ensure periodic monitoring of the RBS TU status in order to identify events affecting information protection in the course of money transfers. Such events include, inter alia:
unauthorised changes to the RBS TU software, including the introduction of malicious code;
unauthorised changes to the RBS TU hardware (installation of unauthorised equipment on (in) the RBS TU), including unauthorised use of communication ports;
failures and malfunctions of technical means of information protection, payment card acceptance devices (if any), cash acceptance devices (if any), cash disbursement devices (if any).
In case of detection of the events specified in this sub-clause, the RBS operator shall ensure that the RBS TU is brought to a state where customer service is impossible until the possibility of negative consequences of the detected events is minimised or unauthorised changes in the RBS TU software and hardware are eliminated.
GOST R 57580.1-2017 ‘Security of financial (banking) operations. Information protection of financial organisations. Basic composition of organisational and technical measures’.
7.7 Process 6 ‘Information Protection Incident Management’
7.7.1 Subprocess ‘Monitoring and analysing information protection events’.
7.7.1.1 Measures applied by the financial institution to monitor and analyse information protection events shall ensure:
- organisation of monitoring of registration data on information protection events generated by information protection means and systems and by information objects, including in accordance with the requirements for the content of the basic composition of information protection measures of this Standard;
- collection, protection and storage of registration data on information protection events;
- analysis of registration data on information protection events;
- registration of information protection events related to operations on processing of information protection event registration data.
...
7.7.1.2 Basic composition of measures to organise monitoring of information protection event registration data generated by informatisation objects, in relation to information protection levels ...
MAC.1 Organisation of monitoring of information protection event logging data generated by technical means included in the information protection system
MAC.2 Organisation of monitoring of information protection event logging data generated by network equipment, including active network equipment, routers and switches
MAC.3 Organisation of monitoring of information protection event logging data generated by network applications and services
MAC.4 Organisation of monitoring of information protection event logging data generated by system software, operating systems and DBMSs
MAC.5 Organisation of monitoring of information protection event logging data generated by automated systems (AS) and applications
MAC.6 Organisation of monitoring of information protection event logging data generated by domain controllers
MAC.7 Organisation of monitoring of information protection event logging data generated by access control and management tools (systems)
7.7.1.3 Basic composition of measures for collection, protection and storage of information protection event logging data, in relation to information protection levels ...
MAC.8 Centralised collection of information protection event logging data generated by the informatisation objects defined by measures MAC.1-MAC.7 of Table 33
MAC.9 Generation of time stamps for information protection event logging data and synchronisation of the system time of informatisation objects used for generation, collection and analysis of logging data
MAC.10 Control of the generation of information protection event logging data by the informatisation objects defined by measures MAC.1-MAC.7 of Table 33
MAC.11 Implementation of protection of information protection event logging data against disclosure and modification, including two-party authentication when logging data is transmitted over the Internet
MAC.12 Ensuring guaranteed delivery of information protection event logging data during its centralised collection
MAC.13 Reserving the necessary amount of storage for information protection event logging data
MAC.14 Protecting stored information protection event logging data from intrusion, ensuring the integrity and availability of stored logging data
MAC.15 Ensuring access to information protection event logging data for three years
MAC.16 Ensuring access to information protection event logging data for five years
7.7.1.4 Basic composition of measures to analyse information protection event logging data, in relation to information protection levels ...
MAC.17 Ensuring normalisation, filtering, aggregation and classification of information protection event logging data
MAC.18 Ensuring identification and analysis of information protection events potentially related to information protection incidents, including intrusions
MAC.19 Ensuring the ability to determine the composition of actions and (or) operations of a particular access subject
MAC.20 Ensuring the ability to determine the composition of actions and (or) operations of access subjects when logically accessing a specific access resource
7.7.1.5 Basic composition of measures to register information protection events related to operations on processing of information protection event logging data, in relation to information protection levels ...
MAC.21 Registration of irregularities and failures in the generation and collection of information protection event logging data
MAC.22 Registration of access to stored information protection event logging data
MAC.23 Registration of operations related to changes in the rules of normalisation (bringing to a common format), filtering, aggregation and classification of information protection event logging data
7.7.2 Subprocess ‘Detecting and responding to information protection incidents’.
7.7.2.1 Information protection incident detection and response measures applied by the financial institution shall ensure:
- detection and registration of information protection incidents;
- organisation of response to information protection incidents;
- organisation of storage and protection of information on information protection incidents;
- registration of information protection events related to the results of detection of and response to information protection incidents.
...
7.7.2.2 Basic composition of measures for detection and registration of information protection incidents in relation to information protection levels ...
RI.1 Registration of information on information protection events potentially related to information protection incidents, including intrusion detected as part of monitoring and analysis of information protection events
RI.2 Registration of information potentially related to information protection incidents, including intrusions, received from employees, customers and/or counterparties of the financial institution
RI.3 Classification of information protection incidents taking into account the degree of their impact (criticality) on provision of financial services, implementation of business processes and (or) technological processes of a financial institution
RI.4 Establishment and application of uniform rules for obtaining information potentially related to information protection incidents from employees, clients and/or counterparties of the financial organisation
RI.5 Establishment and application of uniform rules for registration and classification of information protection incidents in terms of the composition and content of attributes describing an information protection incident and their possible values.
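The measures above describe capabilities rather than code. The following is an added example (not from the standard, the article or the Security Vision platform) of how a small event pipeline would implement the MAC.17-MAC.19 analysis measures of 7.7.1.4 together with the RI.1/RI.3 registration and classification measures of 7.7.2.2; the log formats, account names, hosts and thresholds are constructed for illustration.

```python
from __future__ import annotations
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalised to (MAC.17)."""
    ts: datetime
    source: str    # class of informatisation object: os / netdev / app
    subject: str   # access subject (account) whose actions are logged
    action: str    # normalised action, e.g. logon_fail, config_change
    resource: str  # access resource the action was applied to


# Constructed sample registration data from an OS (MAC.4), a switch (MAC.2) and an
# application (MAC.5), each in its own format; the last line simulates a host whose
# clock is wrong. All hosts, accounts and values are made up.
RAW_LINES = [
    "2024-03-01T10:00:00Z os host=abs-db1 user=ivanov action=logon result=fail",
    "2024-03-01T10:00:20Z os host=abs-db1 user=ivanov action=logon result=fail",
    "2024-03-01T10:00:40Z os host=abs-db1 user=ivanov action=logon result=fail",
    "2024-03-01T10:01:00Z os host=abs-db1 user=ivanov action=logon result=fail",
    "2024-03-01T10:01:20Z os host=abs-db1 user=ivanov action=logon result=fail",
    "2024-03-01T10:01:30Z os host=abs-db1 user=ivanov action=logon result=ok",
    "2024-03-01T10:02:00Z os host=abs-db1 user=svc-backup action=heartbeat result=ok",
    "Mar  1 10:02:10 core-sw1 %SYS: user petrov config-change interface Gi1/0/1",
    "2024-03-01 10:03:00 app=rbs-front user=petrov op=transfer acct=TEST-ACCT-1 status=ok",
    "2031-01-01T00:00:00Z os host=abs-db2 user=root action=logon result=ok",
]
COLLECTOR_NOW = datetime(2024, 3, 1, 10, 5, tzinfo=timezone.utc)  # collector's synced clock

OS_RE = re.compile(r"^(\S+) os host=(\S+) user=(\S+) action=(\S+) result=(\S+)$")
NET_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) %SYS: user (\S+) (\S+) (.+)$")
APP_RE = re.compile(r"^(\S+ \S+) app=(\S+) user=(\S+) op=(\S+) acct=(\S+) status=(\S+)$")


def normalise(line: str, year: int = 2024) -> Event | None:
    """Normalisation (MAC.17): bring one raw line to the common schema, None if unknown."""
    if m := OS_RE.match(line):
        ts = datetime.fromisoformat(m[1].replace("Z", "+00:00"))
        return Event(ts, "os", m[3], f"{m[4]}_{m[5]}", m[2])
    if m := NET_RE.match(line):  # syslog-style line carries no year; the collector adds it
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return Event(ts, "netdev", m[3], m[4].replace("-", "_"), f"{m[2]}:{m[5].split()[-1]}")
    if m := APP_RE.match(line):
        ts = datetime.fromisoformat(m[1]).replace(tzinfo=timezone.utc)
        return Event(ts, "app", m[3], f"{m[4]}_{m[6]}", f"{m[2]}:{m[5]}")
    return None


NOISE_ACTIONS = {"heartbeat_ok"}  # filtering rule (MAC.17); MAC.23 asks that changes to it be logged


def pipeline(lines, collector_now=COLLECTOR_NOW, max_skew=timedelta(hours=1)):
    """Collect, check time stamps against the synchronised clock (MAC.9) and filter.
    Unparseable or badly timed lines are returned separately so that the failure
    itself can be registered (MAC.21) instead of silently dropped."""
    events, irregular = [], []
    for line in lines:
        ev = normalise(line)
        if ev is None or abs(ev.ts - collector_now) > max_skew:
            irregular.append(line)
        elif ev.action not in NOISE_ACTIONS:
            events.append(ev)
    return events, irregular


def aggregate(events):
    """Aggregation (MAC.17): event counts per (access subject, action)."""
    return Counter((e.subject, e.action) for e in events)


def subject_actions(events, subject):
    """MAC.19: composition of actions of one access subject, in time order."""
    return [(e.ts, e.action, e.resource) for e in sorted(events, key=lambda e: e.ts)
            if e.subject == subject]


def classify(events, window=timedelta(minutes=5), threshold=5):
    """MAC.18 / RI.1: pick out events potentially related to an incident and attach an
    RI.3-style criticality so the finding is registered with uniform attributes (RI.5)."""
    findings = []
    fails = defaultdict(list)  # (subject, resource) -> time stamps of recent logon failures
    for e in sorted(events, key=lambda e: e.ts):
        q = fails[(e.subject, e.resource)]
        while q and e.ts - q[0] > window:  # drop failures that fell out of the window
            q.pop(0)
        if e.action == "logon_fail":
            q.append(e.ts)
            if len(q) == threshold:  # report once per burst
                findings.append(("logon_failure_burst", "high", e.subject, e.resource))
        elif e.action == "logon_ok" and len(q) >= threshold:
            findings.append(("logon_success_after_burst", "critical", e.subject, e.resource))
        elif e.source == "netdev" and e.action == "config_change":
            findings.append(("netdev_config_change", "medium", e.subject, e.resource))
    return findings
```

Running `pipeline(RAW_LINES)` on the constructed lines accepts eight events, sets the 2031-dated line aside as irregular, and `classify` produces three findings: a burst of logon failures, a successful logon after that burst, and a switch configuration change.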
7.7.2.3 Basic composition of measures to organise response to information protection incidents with respect to information protection levels ....
RI.6 Establishment and application of uniform rules for responding to information protection incidents
...
RI.10 Timely (prompt) notification of information protection incidents to members of the information protection incident response group (GRIZI) ....
RI.11 Provision of GRIZI members with the logical and physical access rights and administrative authority necessary to respond to information protection incidents.
RI.12 Conducting a response to each detected information protection incident, including:
- analysing the incident;
- determining the sources and causes of the incident;
- assessing the impact of the incident on the provision of financial services, business processes or technological processes of the financial organisation;
- taking measures to eliminate the consequences of the incident;
- planning and taking measures to prevent the recurrence of the incident.
RI.13 Establishment and application of uniform rules for collection, recording and dissemination of information on information protection incidents
RI.14 Establishment and application of uniform rules for closing information protection incidents
7.7.2.4 Basic composition of measures to organise the storage and protection of information on information protection incidents, in relation to information protection levels ...
RI.15 Implementation of protection of information on information protection incidents against intrusion, ensuring the integrity and availability of such information
RI.16 Differentiation of access to information on information protection incidents for GRIZI members in accordance with the defined roles associated with responding to information protection incidents
RI.17 Ensuring that information on information protection incidents can be accessed for a period of three years
RI.18 Ensuring that information on information protection incidents can be accessed for a period of five years
7.7.2.5 Basic composition of measures to record information protection events related to the results of information protection incident detection and response, in relation to information protection levels ....
RI.19 Registration of access to information on information protection incidents