Analysis of the legal framework for the information security management system of the NSМEP

Authors

  • Сергей Петрович Евсеев Simon Kuznets Kharkiv National University of Economics pr. Lenina 9a, Kharkov, Ukraine, 61166, Ukraine
  • Григорий Павлович Коц Simon Kuznets Kharkiv National University of Economics 9-А Lenina ave., Kharkiv, Ukraine, 61166, Ukraine
  • Ольга Григорьевна Король Simon Kuznets Kharkiv National University of Economics 9-А Lenina ave., Kharkiv, Ukraine, 61166, Ukraine

DOI:

https://doi.org/10.15587/1729-4061.2015.51468

Keywords:

information security of banking transactions, threats to banking data

Abstract

Legal acts in the field of protection of banking transactions in the national system of mass electronic payments, its structure are considered. An analysis of the legal framework of banking activities has shown that it is generally based on international standards that define the basic principles of the information security management system, recommendations to counter cyber attacks on banking systems. However, incomplete regulatory and methodological support of information security, especially in the area of indicators and criteria significantly complicates, and sometimes makes it impossible to objectively evaluate the information security system effectiveness. The analysis of the main sources of threats to the confidentiality, integrity and availability of data is carried out. Currently, over 90 % of all crimes are associated with the use of automated banking systems, based on the synthesis of "traditional attacks" such as brute force and social engineering. The basic requirements of the standards to the functions of the information security management system, software tools of technical information security systems in the banking institutions of the National Bank of Ukraine are considered.

Author Biographies

Сергей Петрович Евсеев, Simon Kuznets Kharkiv National University of Economics pr. Lenina 9a, Kharkov, Ukraine, 61166

Ph.D., Associate Professor

Information Systems Department

Григорий Павлович Коц, Simon Kuznets Kharkiv National University of Economics 9-А Lenina ave., Kharkiv, Ukraine, 61166

Candidate of Economic Sciences, Associate Professor

Information Systems Department

Ольга Григорьевна Король, Simon Kuznets Kharkiv National University of Economics 9-А Lenina ave., Kharkiv, Ukraine, 61166

PhD, Associate Professor

Information Systems Department

References

  1. Khymka, S. S. Razrabotka modelej y metodov dlia sozdanyia systemy ynformatsyonnoj bezopasnosty korporatyvnoj sety predpryiatyia s uchetom razlychnykh kryteryev [Development of models and methods for the creation of a system of information security corporate network , taking into account various criteria]. Available at: http://masters.donntu.org/2009/fvti/khimka/diss/index.htm [in Russian]
  2. Ukraynskyj resurs po bezopasnosty [Ukrainian security resource] [Elektronnyj resurs]. Available at: http://kiev-security.org.ua [in Russian]
  3. Slobodeniuk, D. (2013). Bankovskye tekhnolohyy, Sredstva zaschyty ynformatsyy v bankovskykh systemakh [Banking Technologies: means of information security in banking systems]. Available at: http://www.arinteg.ru/about/publications/press/sredstva-zashchity informatsii-v-bankovskikh-sistemakh-131107.html [in Russian]
  4. Symakov M. N. (2012). V S'ezd dyrektorov po ynformatsyonnoj bezopasnosty [V Congress Chief Security]. Moscow. Available at: http://www.csosummit.ru/data/2012/presentations/cso2012_013_express-tula_simakov.pdf [in Russian]
  5. Revenkov, P. V. Zaschyta ynformatsyy v banke: osnovnye uhrozy y bor'ba s nymy [Data protection in the bank : the main threats and control of them]. Available at: http://www.crmdaily.ru/novosti-rynka-crm/568-zashhita-informacii-v-banke-osnovnye-ugrozy-i-borba-s-nimi.html [in Russian]
  6. Security of Internet Banking – A Comparative Study of Security Risks and Legal Protection in Internet Banking in Thailand and Germany. Available at: http://www.thailawforum.com/articles/internet-banking-thailand.html [in English].
  7. Yarochkyn, V. Y. (2004). Ynformatsyonnaia bezopasnost' [Information security]. Second edition. Moscow: Akademycheskyj Proekt; Haudeamus, 544. [in Russian]
  8. Standart Ukrainy SOU N NBU 65.1 SUIB 1.0:2010. Metody zakhystu v bankivs'kij diial'nosti systema upravlinnia informatsijnoiu bezpekoiu. [Vymohy Methods of protection in the banking system of information security management. Requirements]: (ISO/IEC 27001:2005, MOD) (2010). Kyiv: NBU., 67. [in Ukrainian]
  9. Zvid pravyl dlia upravlinnia informatsijnoiu bezpekoiu (ISO/IEC 27002:2005, MOD) [Set of rules for information security management]: SOU N NBU 65.1 SUIB 1.0:2010 (2010). Kyiv: NBU, 209. [in Ukrainian]
  10. Korchenko, A. A., Skachek, L. N., Khoroshko, V. A. (2014). Bankivs'ka bezpeka [Banking security]. Kyiv, 185. [in Ukrainian]
  11. Ynformatsyonnaia tekhnolohyia. Kryptohrafycheskaia zaschyta ynformatsyy. Protsedura vyrabotky y proverky elektronnoj tsyfrovoj podpysy na baze asymmetrychnoho kryptohrafycheskoho alhorytma [Interstate standard. Information technology. Cryptographic protection of information. The procedure of development and verification of digital signatures based on asymmetric cryptographic algorithm]: HOST 34.310-95 (1998). Kyiv: Hosstandart Ukrayny. [in Russian]
  12. GOST 34.311-95. Ynformatsyonnaia tekhnolohyia. Kryptohrafycheskaia zaschyta ynformatsyy. Funktsyia kheshyrovanyia [Interstate standard. Information technology. Cryptographic protection of information. Hashing function] (1998). Kyiv: Hosstandart Ukrayny. [in Russian]
  13. GOST R34.10-94. Ynformatsyonnaia tekhnolohyia. Kryptohrafycheskaia zaschyta ynformatsyy. Protsedury vyrabotky y proverky elektronnoj tsyfrovoj podpysy na baze asymmetrychnoho kryptohrafycheskoho alhorytma [Information technology. Cryptographic protection of information. Procedure of generation and verification of electronic digital signatures based on asymmetric cryptographic algorithm]. Natcionalnyj standart. [in Russian]
  14. GOST R34.11-94. Ynformatsyonnaia tekhnolohyia. Kryptohrafycheskaia zaschyta ynformatsyy. Funktsyia kheshyrovanyia [Information technology. Cryptographic protection of information. Hashing function]. Natcionalnyj standart. [in Russian].
  15. Zadiraka, V. K., Olesiuk, O. S., Nedashkovs'kyj, N. O. (1999). Metody zakhystu bankivs'koi informatsii [Methods of bank information protection]. Kyiv: Vyscha shkola, 264. [in Ukrainian]
  16. Prohrammnoe sredstvo kryptohrafycheskoj zaschyty ynformatsyy "Hryfon-B" [Software for cryptographic information protection "Griffin-B"]. Available at: http://www.banksoft.com.ua/index.php?id=28 [in Russian]
  17. Prohrammnoe sredstvo «Byblyoteka funktsyj kryptohrafycheskoj zaschyty ynformatsyy "Hryfon-L"[The software "Library of cryptographic information protection functions " Griffin-L"]. Available at: http://www.banksoft.com.ua/index.php?id=27 [in Russian]
  18. Yevseiev, S. P., Chevardyn, V. E., Radkovskyj, S. A. (2008). Mekhanyzmy obespechenyia autentychnosty bankovskykh dannykh vo vnutryplatezhnykh systemakh komercheskoho banka [Mechanisms for provodong bank data authenticity to the payment systems within the commercial bank]. Kharkiv: KhNEU, 6, 40–44. [in Russian]
  19. DSTU 4145–2002. Informatsijni tekhnolohii. Kryptohrafichnyj zakhyst informatsii. Tsyfrovyj pidpys, scho gruntuiet'sia na eliptychnykh kryvykh. Formuvannia ta perevirka [Information Technology. Cryptographic protection of information. Digital signature based on elliptic curves. Generation and verification] (2002). Kyiv: Derzhstandart Ukrainy, 40. [in Ukrainian]
  20. DSTU 7564–2014. Informatsijni tekhnolohii. Kryptohrafichnyj zakhyst informatsii. Funktsiia geshuvannia [Information Technology. Cryptographic protection of information. Hashing function] (2014). Kyiv: Derzhstandart Ukrainy, 39. [in Ukrainian]
  21. DSTU 7624–2014. Informatsijni tekhnolohii. Kryptohrafichnyj zakhyst informatsii. Alhorytm symetrychnoho blokovoho peretvorennia [Cryptographic protection of information. The algorithm of symmetric block conversion] (2014). Kyiv: Derzhstandart Ukrainy, 235. [in Ukrainian]
  22. Mizhbankivs'ki rozrakhunky v Ukraini [Interbank settlements in Ukraine]. Available at: http://www.bank.gov.ua/control/uk/publish/

Published

2015-10-20

How to Cite

Евсеев, С. П., Коц, Г. П., & Король, О. Г. (2015). Analysis of the legal framework for the information security management system of the NSМEP. Eastern-European Journal of Enterprise Technologies, 5(3(77), 48–59. https://doi.org/10.15587/1729-4061.2015.51468

Issue

Section

Control processes