Ensuring the information and technical safety
For purposes of ensuring the information and technical safety, the respective service desk of the Exchange in 2017-2018 carried out a series of legal, administrative, organizational and technical measures aimed at minimization of information safety risks and increasing the level of the Exchange’s information safety.
Key controls and managerial processes on information safety were improved according to international safety standards, including ISO 27001, and to requirements of normative acts of the NBRK.
To reduce the risk of leakage of confidential information, additional mechanisms of logging, restriction and control of access to critical information were introduced.
For purposes of increasing the level of safety of the Exchange’s information and communication infrastructure against possible cyber-attacks a series of checks were conducted to define the safety of the Exchange’s computing network and information systems against cyber-attacks that may lead to a failure of the information systems and services they provide.
Based on results of the checks, in association with the IT department works were done to improve the architecture of the Exchange’s computing network, equipment and software devoted to the protection of the Exchange’s perimeter which allowed a substantial improvement of the level of safety of the Exchange’s network and reduction risks of possible cyber-attacks.
Processes of physical safety of the Exchange were significantly improved, in particular, new rules of the entry regime, rules of ensuring the visual and objective control of the status of protected areas and rooms were developed and approved.
The combination of all measures allowed a significant improvement of the level of the Exchange’s information safety and reduction of possible risks.