of September 21, 2020 No. 90
On approval of the Requirements for information security incident response services and for conducting internal investigations of information security incidents
In accordance with subparagraph 4) of part one of Article 13-6 of the Law of the Republic of Kazakhstan of July 4, 2003 "About state regulation, control and supervision of the financial market and the financial organizations", the Board of the Agency of the Republic of Kazakhstan on regulation and development of the financial market DECIDES:
1. To approve the attached Requirements for information security incident response services and for conducting internal investigations of information security incidents.
2. The Cyber Security Department shall, in the procedure established by the legislation of the Republic of Kazakhstan, ensure:
1) jointly with the Legal Department, the state registration of this resolution with the Ministry of Justice of the Republic of Kazakhstan;
2) the placement of this resolution on the official Internet resource of the Agency of the Republic of Kazakhstan on regulation and development of the financial market after its official publication;
3) within ten working days after the state registration of this resolution, the submission to the Legal Department of information on the execution of the actions provided for in subparagraph 2) of this paragraph.
3. Control over the execution of this resolution shall be assigned to the supervising Deputy Chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market.
4. This resolution enters into force on January 1, 2021 and is subject to official publication.
The chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market
M. Abylkasymova
Approved by the Resolution of the Board of the Agency of the Republic of Kazakhstan on regulation and development of the financial market of September 21, 2020 No. 90
1. These Requirements for information security incident response services and for conducting internal investigations of information security incidents (hereinafter – the Requirements) are developed in accordance with the Law of the Republic of Kazakhstan of July 4, 2003 "About state regulation, control and supervision of the financial market and the financial organizations" and establish requirements for the information security incident response services of, and the conduct of internal investigations of information security incidents by, second-tier banks and branches of non-resident banks of the Republic of Kazakhstan (hereinafter – the bank) and organizations carrying out certain types of banking operations (hereinafter – the organization).
2. The Requirements use the concepts provided for in the Law of the Republic of Kazakhstan "About informatization" and in the Resolution of the Board of the National Bank of the Republic of Kazakhstan of March 27, 2018 No. 48 "About approval of Requirements to ensuring information security of the banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities, Rules and terms of provision of information on incidents of information security, including data on violations, failures in information systems", registered in the Register of State Registration of Regulatory Legal Acts under No. 16772, as well as the following concepts:
1) retrospective analysis of information security events – the analysis of the set of information security event data collected during monitoring over a period of at least three months, on the basis of updated indicators of compromise and other data on current information security threats, for the purpose of identifying previously undetected information security incidents and (or) related information security threats;
2) internal investigation of an information security incident – the process carried out by employees of the bank or organization and by third parties for the purpose of establishing the causes and preconditions of the information security incident, the manner in which it was carried out, the scale of its impact and the damage it caused, and the effectiveness of the response measures taken;
3) standard response procedure – the procedure for applying urgent measures to contain an information security incident whose probability of occurrence is high and whose risk of occurrence cannot be reduced in a short time;
4) indicator of compromise – a unique characteristic of an object, observed in volatile memory, on electronic media or in network traffic, which indicates with high probability that a device has been compromised;
5) vulnerability – a deficiency in an information system or in its individual elements, the exploitation of which is capable of leading to a breach of the integrity and (or) confidentiality and (or) availability of the information system.
3. The bank or organization shall establish a structural unit for responding to information security incidents – an information security incident response service (hereinafter – the response service).
4. To ensure the proper functioning of the response service, the bank or organization shall provide for:
1) the implementation and proper functioning of software and hardware tools that automate the processes of monitoring information security events and responding to information security incidents;
2) the determination of the list of events and (or) sets of information security events that require an obligatory immediate response by the response service, with recording of the measures taken (hereinafter – the list of information security events), as well as the sources of information security events and the frequency, procedure and methods of monitoring information security events;
3) the determination of the procedure for classifying information security events as information security incidents, and for their classification and prioritization;
4) the development and keeping up to date of standard response procedures, and the training of response service employees in the application of standard response procedures;
5) the determination of the procedure for informing the managerial employees of the bank or organization, the divisions of the bank or organization, and the authorized body for regulation, control and supervision of the financial market and financial organizations (hereinafter – the authorized body), including for the purpose of deciding whether to conduct an internal investigation of an information security incident;