Based on the already existing instruction 4336-U, the Central Bank of the Russian Federation will formulate requirements for the quality of protection of banks from cyber attacks. By the end of 2019, each Russian bank will receive an appropriate risk profile for the level of information security.
The concept of a risk profile was introduced in the strategic document “Main Directions for the Development of Information Security in the Credit and Financial Sphere of the Russian Federation”; the Board of Directors of the Central Bank completed work on it last week. In addition, this document spells out other measures to protect the financial sector from cyber attacks, which must be implemented before 2023.
The risk profile, for example, takes into account the share of unauthorized card transactions in the total volume of bank transactions, as well as technological readiness to repel attacks. If the Central Bank’s information security department assigns a bank a low risk profile, this means that the bank exposes its clients to great danger:
“This is not only a recommendation to fix something, it is also a transition to the formation of fines and other measures that are provided for by law,” Artyom Sychev, First Deputy Director of the Information Security Department of the Bank of Russia.
He also added that the bank’s attitude to information security issues affects its financial stability indicators: the size of capital, assets, quality of management and others.
“It is important for us to understand how the organization’s management responds to the challenges that arise from the point of view of information security. Does he even know about them? Does he manage this risk or not? This is the most important thing for us,” said Sychev.
Source: 3dnews.ru