of August 16, 2019 No. 199/Tax Code
About approval of Rules of carrying out monitoring of events of information security of objects of informatization of state bodies
According to subitem 5-1) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" I ORDER:
1. Approve the enclosed Rules of carrying out monitoring of events of information security of objects of informatization of state bodies.
2. The Committee on information security of the Ministry of digital development, innovations and aerospace industry shall, in the procedure established by the legislation of the Republic of Kazakhstan, ensure:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of state registration of this order, its submission in the Kazakh and Russian languages to the Republican state company on the right of economic maintaining "Institute of the legislation and legal information of the Republic of Kazakhstan" for official publication and inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan;
3) placement of this order on the Internet resource of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan after its official publication;
4) within ten working days after state registration of this order in the Ministry of Justice of the Republic of Kazakhstan, submission to the Legal department of the Ministry of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1), 2) and 3) of this Item of the order.
3. Control of execution of this order is imposed on the supervising vice-minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan.
4. This order becomes effective upon expiry of ten calendar days after the day of its first official publication.
Acting Minister of digital development, innovations and aerospace industry of the Republic of Kazakhstan
It is approved by the Committee of homeland security of the Republic of Kazakhstan
Approved by the Order of the Minister of digital development, innovations and the aerospace industry of the Republic of Kazakhstan of August 16, 2019 No. 199/Tax Code
1. These Rules of carrying out monitoring of events of information security of objects of informatization of state bodies (hereinafter - Rules) are developed according to subitem 5-1) of article 7-1 of the Law of the Republic of Kazakhstan "About informatization" (hereinafter – the Law) and determine the procedure for carrying out monitoring of events of information security of objects of informatization of state bodies.
2. In these Rules the following concepts and definitions are used:
1) objects of informatization - electronic information resources, the software, Internet resource and information and communication infrastructure;
2) information security in the field of informatization (hereinafter - information security) - the state of protection of electronic information resources, information systems and information and communication infrastructure from external and internal threats;
3) monitoring of events of information security - continuous observation of an object of informatization for the purpose of detection and identification of events of information security;
4) event of information security (hereinafter - IB event) - a state of objects of informatization indicating a possible violation of the existing security policy or a previously unknown situation which may be related to the security of the object of informatization;
5) incident of information security (hereinafter - IB incident) - failures, arising separately or serially, in the work of information and communication infrastructure or its separate objects, creating a threat to their proper functioning and (or) conditions for illegal obtaining, copying, distribution, modification, destruction or blocking of electronic information resources;
6) the public technical service (hereinafter – JSC GTS) – the joint-stock company created according to the decision of the Government of the Republic of Kazakhstan;
7) event logging – the process of recording data about software or hardware events occurring on an object of informatization in the event log;
8) event log collection system – the hardware and software providing centralized collection of event logs of objects of informatization, their storage and further transfer to the IB event management system;
9) the coordinator of information security – the employee of JSC GTS who is located on a permanent basis in a state body and coordinates the actions directed to maintaining the state of protection of objects of informatization of state bodies.
Other concepts used in these Rules are applied according to the Law.
3. Monitoring of events of information security of objects of informatization of state bodies (hereinafter – MSIB) is carried out by JSC GTS, which performs the tasks and functions of the National coordination center of information security (hereinafter – NKTsIB).
4. Objects of MSIB are objects of informatization of a state body (hereinafter – GO).
5. The following are not objects of MSIB:
1) electronic information resources containing data constituting state secrets;
2) information systems in protected execution classified as state secrets according to the legislation of the Republic of Kazakhstan on state secrets, and also telecommunication networks of special purpose and/or governmental, secret, encrypted and coded communication;
3) objects of informatization of the National Bank of the Republic of Kazakhstan which are not integrated with objects of information and communication infrastructure of "the electronic government".
6. Within MSIB the sources of events of IB are:
means of information protection in the information and communication infrastructure (hereinafter – IKI) of MSIB objects, including those installed and maintained by JSC GTS (hereinafter – sources of events of IB);
the IB event management system of NKTsIB.
7. MSIB includes the following work types:
1) installation of sources of events of IB in IKI of objects of MSIB;
2) technical maintenance of sources of events of IB in IKI of objects of MSIB;
3) tracking of events of IB of objects of MSIB for the purpose of detection of incidents of IB and subsequent response to them.
8. MSIB is carried out under one of the following options:
1) for one work type;
2) for several work types.
9. MSIB is carried out by JSC GTS based on contractual relations between the Committee of homeland security of the Republic of Kazakhstan (hereinafter – KNB RK) and JSC GTS, with respect to objects of MSIB located in the territory of the Republic of Kazakhstan.
10. When carrying out MSIB, JSC GTS performs:
1) within installation of sources of events of IB:
study of IKI of objects of MSIB;
deployment of the hardware and software of sources of events of IB in IKI of objects of MSIB;
configuration of separate functioning mechanisms and security policies of sources of events of IB, and also verification that they work correctly;
2) within technical maintenance of sources of events of IB:
installation of updates of sources of events of IB as they are released by the producer;
control of the condition of sources of events of IB, their parameters and modes of protection, including elimination of errors and shortcomings in their functioning;
handling of requests from GO concerning functioning of sources of events of IB;
3) within tracking of events of IB of objects of MSIB, for the purpose of detection of incidents of IB and subsequent response to them:
determination of the list of event logs that must be transferred to the IB event management system of NKTsIB;
organization of event logging on sources of events of IB maintained by JSC GTS;
organization of NKTsIB event log collection systems in the contours of the telecommunication networks of GO in which MSIB objects function;
organization of collection of event logs of objects of MSIB and sources of events of IB in the NKTsIB event log collection system;
organization of transfer of event logs of objects of MSIB and sources of events of IB to the IB event management system of NKTsIB, and their processing and analysis for the purpose of identification of events of IB and incidents of IB;
primary analysis of events of IB or incidents of IB detected on an MSIB object;
notification of GO or the person authorized by it about the detected events of IB and incidents of IB within 30 minutes from the moment of identification of the event of IB or incident of IB, and of KNB RK within 3 hours;
issue to GO or the person authorized by it of primary recommendations on halting the spread of the incident of IB;
where technically possible, taking measures to halt the spread of the incident of IB by means of sources of events of IB;
sending, if necessary, an employee of JSC GTS to the location of objects of MSIB as part of the response to the IB incident (the need is determined by KNB RK or JSC GTS independently);
notification of the authorized body in the field of ensuring information security (hereinafter – authorized body) and KNB RK if GO or the person authorized by it has not eliminated the causes and effects of the incident of IB after 48 hours from the moment of identification of the incident of IB.
11. The coordinator of information security performs:
study of the information and communication infrastructure of GO for the purpose of forming recommendations on increasing the level of security of OI GO;
study of technical documentation on IB of GO for the purpose of forming recommendations on its updating and review of requirements of technical documentation;
coordination of actions for response to incidents of IB detected in the information and communication infrastructure of GO;
assistance in response to IB incidents by means of the means of information protection installed by employees of JSC GTS (where technically possible);
assistance in holding activities to increase awareness in the field of IB among workers of GO.
12. GO or the person authorized by it, when carrying out MSIB:
provide the staff of JSC GTS with physical and network access to the information and communication infrastructure of GO and with accounts with the rights necessary for installation and maintenance of means of information protection;
provide JSC GTS with an IP address in the contours of telecommunication networks for the organization of transfer of event logs of objects of MSIB and sources of events of IB to the IB event management system of NKTsIB;
on a quarterly basis provide JSC GTS with up-to-date information according to the appendix to these Rules;
update the user and server operating systems to current versions;
notify JSC GTS of the results of analysis of the event of IB and (or) of the measures taken to eliminate the incident of IB within 48 hours from the moment of receipt of the notification from JSC GTS on identification of the event of IB or incident of IB respectively.
13. JSC GTS, according to agreements on rendering MSIB services, quarterly sends to KNB RK summary information on the detected threats of IB, events of IB and incidents of IB, and also data on the measures taken on them by GO.
14. KNB RK quarterly sends to the authorized body summary information on the detected IB incidents, and also data on the measures taken on them by GO.
Appendix to Rules of carrying out monitoring of events of information security of objects of informatization of state bodies
Data on MSIB object

| № | Name of state body | Structural division (department) | Physical location (floor, office) | Full name of the user / responsible person | Network name of the working station / server hardware | IP address | Name of operating system |
|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| Local network of internal contour | | | | | | | |
| Local network of external contour | | | | | | | |
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.