of September 14, 2011 No. 52/12
About Regulations on requirements for ensuring information security in commercial banks of the Kyrgyz Republic
According to articles 7 and 43 of the Law of the Kyrgyz Republic "About National Bank of the Kyrgyz Republic", the Board of National Bank of the Kyrgyz Republic decides:
1. Approve the Provision "About Requirements for Ensuring Information Security in Commercial Banks of the Kyrgyz Republic" (attached).
2. This resolution becomes effective one month after official publication.
3. After official publication, the Legal Department shall send this resolution to the Ministry of Justice of the Kyrgyz Republic for inclusion in the State register of regulatory legal acts of the Kyrgyz Republic.
4. Control over execution of this resolution is assigned to the vice-chairman of the National Bank of the Kyrgyz Republic Chokoyev Z. L.
Chairman
Z.Asankozhoyeva
Approved by the Resolution of Board of National Bank of the Kyrgyz Republic of September 14, 2011 No. 52/12
1. The purpose of this provision is to establish uniform requirements for the commercial banks of the Kyrgyz Republic and the National Bank of Development of the Kyrgyz Republic, aimed at raising the level of information security of the banking system of the Kyrgyz Republic and at minimizing possible losses caused by actions of malefactors, emergency failures and human errors.
2. Ceased to be valid according to the Resolution of Board of National Bank of the Kyrgyz Republic of 15.06.2017 No. 2017-P-12/25-12
3. This provision applies to commercial banks, to other organizations holding licenses of the National Bank for carrying out banking and payment transactions, and to the National Bank of Development of the Kyrgyz Republic (hereinafter - banks).
4. All regulating documents concerning information security adopted in commercial banks of the Kyrgyz Republic shall be brought into accord with this Provision.
5. The National Bank of the Kyrgyz Republic (hereinafter - National Bank) has the right to inspect banks for their observance of the requirements established by this Provision.
6. The management of the bank bears complete responsibility for the use and functioning of the bank's entire information system.
7. "Know Your Customer": the principle used by regulating authorities to express their attitude to financial organizations from the point of view of their knowledge of their clients' activities.
8. "Know Your Employee": the principle reflecting the bank's concern about the attitude of bank employees to their obligations and about possible problems, such as abuse of property, fraud or financial difficulties, which can lead to problems with security.
9. "Need to Know": the principle limiting the access rights of bank employees and clients of the bank to information and information-processing resources to the minimum level necessary for carrying out certain obligations.
10. Dual Control: the principle of preserving the integrity of a process and countering distortion of system functions, requiring that two authorized bank employees independently take a certain action before certain transactions are completed.
11. Authorization is the action of granting the user the ability (permission) to perform specific actions in the system on the basis of the user's job responsibilities. Without special permission, no user is allowed access to any information or application.
12. Identification: the process of assigning an identifier (unique name) to objects/subjects, or of comparing the identifier of the object/subject with the list of assigned identifiers.
13. Authentication - verification that the identifier presented by the object/subject of access belongs to it, or confirmation of authenticity.
14. Authorization: the process of granting a certain object/subject the rights to perform some actions according to the role it carries out in the system.
15. Information system - the interconnected set of the means, methods and personnel used for storage, processing and issue of information for the benefit of achievement of effective objective. The information system contains the automated and not automated processes of storage, processing and issue of information.
16. The Automated System (AS) is the system consisting of personnel, complex of the automation equipment of its activities, methods and actions realizing information technology of accomplishment of the established functions.
17. The Automated Bank System (ABS) is the automated system realizing technology of accomplishment of functions of bank.
18. The user of the automated system is the subject or object registered in the automated system and using its resources (employees and clients of bank).
19. Data assets - information that has value for the bank from the point of view of achieving its purposes and is presented on any physical medium in a form suitable for its processing, storage or transfer.
20. Availability of data asset - the property of information security of the bank consisting in that data assets are provided to the authorized user in the form and the place necessary for the user and at the time they are needed.
21. Integrity of data asset - the property of information security of the bank to keep data assets unchanged or to detect the fact of change in the data assets.
22. Confidentiality of data asset - the condition of resources of the bank consisting in that processing, storage and transfer of data assets are performed in such a way that data assets are available only to the authorized users, objects of the system or processes.
23. Information Security (IS) - the security connected with threats in the information sphere. Security is achieved by ensuring the set of IS properties - availability, integrity, confidentiality of data assets. The priority of IS properties is determined by the value of the specified assets for the interests (purposes) of the bank.
24. Object - the process which is carried out in information system, requesting permission to receipt of information access.
25. The subject - the user requesting permission to receipt of information access.
26. The identifier - unique sign of the subject or access object.
27. The token - the compact device in the form of the USB-stick which serves for authorization of the user, protection of electronic correspondence, safe remote access to information resources and also reliable storage of any personal data, is also called "key".
The document ceased to be valid since January 7, 2022 according to Item 2 of the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of December 22, 2021 No. 2021-P-20/72-8-(NPA)