Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF UKRAINE

of December 23, 2020 No. 1295

Some questions of ensuring functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks

For the purpose of ensuring functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks the Cabinet of Ministers of Ukraine decides:

1. Approve the Procedure for functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks which is applied.

2. Determine that and response to cyberincidents and cyber attacks the State center of cyberprotection of Public service of special communication and information protection is responsible for functioning of system of detection of vulnerabilities.

3. To provide to the ministries and other central executive bodies for the purpose of operational identification and response to cyberincidents and cyber attacks possibility of installation on subjects to cyberprotection which are in the field of their management, sets of the equipment of subsystem of collection of telemetry of information and telecommunication systems.

4. To give administrations of Public service of special communication and information protection annually till January 10 to the Cabinet of Ministers of Ukraine information on results of functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks.

Prime Minister of Ukraine

D. Shmygal

Approved by the Resolution of the Cabinet of Ministers of Ukraine of December 23, 2020 , No. 1295

Procedure for functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks

1. This Procedure determines bases of functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks which are performed concerning the subjects to cyberprotection determined by part two of article 4 of the Law of Ukraine "About the basic principles of ensuring cyber security of Ukraine".

Features of functioning of system of detection of vulnerabilities and response to cyberincidents and cyber attacks in bank system of Ukraine it is determined by National Bank.

Action of this Procedure does not extend to objects of critical information infrastructure of the Ministry of Defence and Armed Forces in the conditions of emergency and warlike situation.

2. Terms which are used in this Procedure have such value:

security administrator of subject to cyberprotection - person from number of persons employed of subject to cyberprotection which is responsible for security policy observance which tasks include ensuring processes of operation, functioning, setup program, hardware-software both hardware of information protection of subject to cybernetic protection and implementation of the current control of them;

security administrator of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks - person from number of persons employed (workers) of the State center of cyberprotection of Gosspetssvyaz which is responsible for security policy observance which tasks include ensuring processes of operation, functioning, setup program, hardware-software and hardware of information protection of subject to cybernetic protection, the system of detection of vulnerabilities and response to cyberincidents and cyber attacks and implementation of the current control of them;

the industry center for management of cyber security - the control center cyber security which functions on subject to cyberprotection of certain industry of national economy;

network telemetry (telemetric information) - set of information on condition of functioning program, hardware-software or the hardware of telecommunication or technological system;

security policy is set of the documentary decisions made by management of subject to cybernetic protection and directed to protection of telecommunication and (or) technological networks and systems, information and the resources (assets) associated with it;

the system of detection of vulnerabilities and response to cyberincidents and cyber attacks - set program and software and hardware tools which provide carrying out the round-the-clock monitoring, the analysis and transfer of telemetric information on cyberincidents and cyber attacks which happened or occur on subjects to cyberprotection and can have negative impact on their steady functioning;

the control center cyber security - set of organizational technical means, algorithms, decisions concerning collection, the analysis, visualization and data exchange on the revealed incidents of information security.

Other terms are used in the value given in the Laws of Ukraine "About information protection in information and telecommunication systems", "About telecommunications", "About Public service of special communication and information protection of Ukraine", "About the basic principles of ensuring cyber security of Ukraine".

3. Enter structure of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks:

1) subsystem of government team of response to computer extraordinary events of Ukraine of CERT-UA which provides centralized collection and accumulating of information on cyberthreats and cyberincidents received from different sources, including also open;

2) subsystem of detection and response to cyber attacks at the level of working and server stations ("ending points") which provides detection of harmful activity on them, response to it with actions for liquidation, minimization or isolation, blocking of the processes used by the malicious software;

3) subsystem of collection of telemetry of information and telecommunication systems (active sensors) (further - sensor) which provides:

collection and correlation of events of safety, including collection of network telemetry with the detailed information about network flows and sessions;

carrying out monitoring of telecommunication traffic for the purpose of identification of cyber attacks and cyberincidents;

detection and the analysis of the malicious software, including tracking and prevention of attempts of its distribution at the network layer;

The subsystem of the operational center of response to cyberincidents which is the central component of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks and provides 4):

centralized operation by all subsystems of the system of detection of vulnerabilities and responses to cyberincidents and cyber attacks;

centralized collection and accumulating of information on network events of information security;

carrying out monitoring and processing in real time cyberthreats and cyberincidents.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.