Analysis of the legal framework for the information security management system of the NSMEP
DOI:
https://doi.org/10.15587/1729-4061.2015.51468
Keywords:
information security of banking transactions, threats to banking data
Abstract
Legal acts in the field of protection of banking transactions in the national system of mass electronic payments, and its structure, are considered. An analysis of the legal framework of banking activities has shown that it is generally based on international standards that define the basic principles of the information security management system and give recommendations for countering cyber attacks on banking systems. However, incomplete regulatory and methodological support of information security, especially in the area of indicators and criteria, significantly complicates, and sometimes makes impossible, an objective evaluation of the effectiveness of the information security system. The main sources of threats to the confidentiality, integrity and availability of data are analyzed. Currently, over 90 % of all crimes are associated with the use of automated banking systems and are based on a synthesis of "traditional attacks" such as brute force and social engineering. The basic requirements of the standards for the functions of the information security management system and for the software tools of technical information security systems in the banking institutions of the National Bank of Ukraine are considered.
License
Copyright (c) 2015 Сергей Петрович Евсеев, Григорий Павлович Коц, Ольга Григорьевна Король
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation and conditions for the transfer of copyright (identification of authorship) are set out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, provided that the link to the first publication of the article in this journal is preserved.
A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and disseminate the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement, or in the absence in this agreement of identifiers that allow the author to be identified, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.