The world entry into the digital era, when a human daily life more and more depends on the sophisticated technologies, requires the prompt and timely reaction to new challenges requiring to neutralize the potential adverse occurrences. In our modern society the progression of cyberthreats represents the continually growing threat.
Information security in SEC NRS became one of the development priorities more than three years ago together with the enactment of the «Information Security Concept» that stipulated the priority goals, major objectives, principles and ways to ensure information security and determined the corporate organizational and technical principles to ensure and manage information security, and also developed the unified corporate approaches to ensure security of information processed in the information systems and transmitted through the communication channels.
For the purpose of neutralization of the existing threats and for implementation of measures aimed to prevent infringements onto the information resources of the Centre, within a year we have realized an integrated Project devoted to creation of the information security system on the basis of the threats analysis and prediction.
The Project incorporated three major stages:
- pre-Project survey of the automated information system (hereinafter to be referred to as AIS) desigened for processing of the sensitive information;
- modernization of the existing infrastructure in line with the requirements of the legislation in the field of information security;
- certification tests to check the compliance with the requirements of information security.
At the stage of pre-Project survey, information from each AIS segment of the Center was collected and analyzed in order to elaborate the requirements to information security, to develop recommendations on updating and/or correction of the organizational-administrative documentation, as well as to upgrade and/or extend licences and to adjust the information security equipment. Based on the results of this stage a model of a hacker and information security threats was developed, and the required security level and protection class were determined.
At the second stage of the Project, a set of organizational-administrative documents was updated for all AIS segments, and information security equipment was put into operation.
At the final stage of the Project, the activities on AIS certification were carried out. In frames of this stage a technical certificate was developed together with the tests programme and methodology, which made the ground for the relevant conclusion and issue of a certificate of compliance with the information security requirements.
Stable functioning of information systems, communication equipment, as well as security thereof prevail for the SEC NRS since they are an important factor for the Center effective development in the course of executing tasks related to scientific and technical support of Rostechnadzor on the basis of advanced, including digital, technologies.
Andrey Balalaechnikov, Scientific and Engineering Centre for Nuclear and Radiation Safety (SEC NRS), firstname.lastname@example.org.