Ensuring Information Security Controls for the Russian Banking Organizations

摘要

An approach to develop the controls system (CS) in the field of maintenance of information security (IS) for the Russian banking organizations, based on the well known international and Russian standards, is offered. The CS elements are interconnected with each other by IS control processes (controls or control directions): IS monitoring, IS self-assessment, external IS audit, the analysis of IS maintenance system functioning, IS maintenance system analysis by an organization's management. The general structure of the CS is defined. Relations and connections of processes with each other within the CS are shown. The structured representation (specification) of each of the CS processes is developed, but as two examples only IS monitoring process and IS maintenance analysis by the Organization's management are described in detail.