Анализ законодательной базы к системе управления информационной безопасностью НСМЭП

Abstract

Рассматриваются законодательные акты в области защиты банковских транзакций в национальной системе массовых электронных платежей (НСМЭП), ее структура. Проводится анализ основных источников угроз конфиденциальности, целостности и доступности данных, рассматриваются основные требования стандартов к функциям системы управления информационной безопасностью, программные средства технических систем безопасности информации в банковских институтах Национального банка Украины.

Legal acts in the field of protection of banking transactions in the national system of mass electronic payments, its structure are considered. An analysis of the legal framework of banking activities has shown that it is generally based on international standards that define the basic principles of the information security management system, recommendations to counter cyber attacks on banking systems. However, incomplete regulatory and methodological support of information security, especially in the area of indicators and criteria significantly complicates, and sometimes makes it impossible to objectively evaluate the information security system effectiveness. The analysis of the main sources of threats to the confidentiality, integrity and availability of data is carried out. Currently, over 90 % of all crimes are associated with the use of automated banking systems, based on the synthesis of "traditional attacks" such as brute force and social engineering. The basic requirements of the standards to the functions of the information security management system, software tools of technical information security systems in the banking institutions of the National Bank of Ukraine are considered.