of August 16, 2019 No. 199/Tax Code
About approval of Rules of carrying out monitoring of events of information security of objects of informatization of state bodies
According to subitem 5-1) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" PRIKAZYVAYU:
1. Approve the enclosed Rules of carrying out monitoring of events of information security of objects of informatization of state bodies.
2. To provide to committee on information security of the Ministry of digital development, innovations and aerospace industry in the procedure established by the legislation of the Republic of Kazakhstan:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of state registration of this order the direction it in the Kazakh and Russian languages in the Republican state company on the right of economic maintaining "Institute of the legislation and legal information of the Republic of Kazakhstan" for official publication and inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan;
3) placement of this order on Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication;
4) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1), 2) and 3) of this Item of the order.
3. To impose control of execution of this order on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective after ten calendar days after day of its first official publication.
Acting Minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan
It is approved Committee of homeland security of the Republic of Kazakhstan |
|
Approved by the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of August 16, 2019 No. 199/Tax Code
1. These rules of carrying out monitoring of events of information security of objects of informatization of state bodies (further - Rules) are developed according to subitem 5-1) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" (further – the Law) and determine procedure for carrying out monitoring of events of information security of objects of informatization of state bodies.
2. In these rules the following concepts and determinations are used:
1) objects of informatization - electronic information resources, the software, Internet resource and information and communication infrastructure;
2) information security in the field of informatization (further - information security) - condition of security of electronic information resources, information systems and information and communication infrastructure from external and internal threats;
3) monitoring of events of information security - permanent observation of object of informatization for the purpose of identification and identification of events of information security;
4) event of information security (further - event of IB) - the condition of objects of informatization testimonial of possible violation of the existing security policy or about before unknown situation which can be related to safety of object of informatization;
5) incident of information security (further - incident of IB) - separately or serially arising failures in work of information and communication infrastructure or its separate objects creating threat to their proper functioning and (or) conditions for illegal obtaining, copying, distribution, modification, destruction or blocking of electronic information resources;
6) the public technical service (further – JSC GTS) – the joint-stock company created according to the decision of the Government of the Republic of Kazakhstan;
7) journalizing of events – process of data recording about the program or hardware events happening to object of informatization in the log of registration of events;
8) system of collection of logs of registration of events – the hardware and software providing centralized collection of logs of registration of events of objects of informatization, their storage and further transfer to event management system of IB;
9) the coordinator of information security – the employee of JSC GTS who is located on permanent basis in state body and performing coordination of the actions directed to maintenance of condition of security of objects of informatization of state bodies.
Other concepts used in these rules are applied according to the Law.
3. Monitoring of events of information security of objects of informatization of state bodies (further – MSIB) is carried out by JSC GTS realizing tasks and functions of National coordination Information Security Center (further – NKTsIB).
4. Objects of MSIB are objects of informatization of state body (further – GO).
5. Do not treat objects of MSIB:
1) the electronic information resources containing the data constituting the state secrets;
2) the information systems in the protected execution carried to the state secrets according to the legislation of the Republic of Kazakhstan on the state secrets, and also network of telecommunications of special purpose and/or the governmental, secret, encoded and coded communication;
3) the objects of informatization of National Bank of the Republic of Kazakhstan which are not integrated with objects of information and communication infrastructure of "the electronic government".
6. Within MSIB sources of events of IB are:
information security products in information and communication infrastructure (further – IKI) objects of MSIB, including, established and accompanied with JSC GTS (further – sources of events of IB);
IB NKTsIB event management system.
7. MSIB includes the following work types:
1) installation of sources of events of IB in IKI of objects of MSIB;
2) technical maintenance of sources of events of IB in IKI of objects of MSIB;
3) tracking of events of IB of objects of MSIB for the purpose of detection of incidents of IB and subsequent on them reactions.
8. MSIB is carried out by one of the following options:
1) on one work type;
2) on several work types.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.