Post by rabiakhatun on Nov 3, 2024 5:41:57 GMT -5
I will start this article with this thesis, in which I will share my impressions of the participation of regulators in PHDays. In general, as you might have noticed, I have almost stopped writing about regulations, but this post will be an exception. Because if regulations are present in it, then rather as accompanying information and in the context of effective cybersecurity , which was the subject of the 12th PHD. It should be noted right away that representatives of regulators, of course, are different, but it seems to me that they are also bored of talking all the time about the regulations that they are asked to talk about when inviting them to various content writing service events. If you do not set restrictions for them, they are excellent conversationalists, they know how to joke, express their opinions, make forecasts, etc. This could be seen with your own eyes both at the open and closed parts of PHDays, where representatives of the Ministry of Digital Development, FSTEC, FSB, Ministry of Energy, State Duma, etc. spoke. But let's get back to the article. I would not like to recount in detail, with quotes and direct speech, everything that the regulators said - you can do this yourself by watching the three videos that I will post in the note.
I will start, no, not with the plenary section, but with the closed to the general public energy day, which took place the day before the official opening of PHDays, and at which representatives of the NKTSKI, among other things, shared two interesting facts:
The FSB believes that there is a pressing need to establish information security requirements for information security companies — manufacturers of protection tools and information security service providers. This was said 2 days before the website of the FSB and FSTEC licensee, Infotex, was hacked , and the data of the site's users leaked. 2.5 weeks before that, hackers hacked another FSB and FSTEC licensee — BI.ZONE (the company's website does not say anything about this, unlike the Telegram channel and many third-party sites, for example, here or here ). And these are far from the only cases of hacking of domestic information security companies in recent months — there are already at least seven of them, which raises the question of how information security players themselves protect themselves. Therefore, it is quite natural that they will be subject to the requirements that they themselves are trying to implement for their clients.
The FSB, represented by the National Coordination Center for Cybersecurity, provides (and is ready to provide) security assessment services to organizations, primarily critical information infrastructure entities, as well as other organizations under the regulator's control. This was unexpected - the FSB appeared as a service provider on information security issues.
I will start, no, not with the plenary section, but with the closed to the general public energy day, which took place the day before the official opening of PHDays, and at which representatives of the NKTSKI, among other things, shared two interesting facts:
The FSB believes that there is a pressing need to establish information security requirements for information security companies — manufacturers of protection tools and information security service providers. This was said 2 days before the website of the FSB and FSTEC licensee, Infotex, was hacked , and the data of the site's users leaked. 2.5 weeks before that, hackers hacked another FSB and FSTEC licensee — BI.ZONE (the company's website does not say anything about this, unlike the Telegram channel and many third-party sites, for example, here or here ). And these are far from the only cases of hacking of domestic information security companies in recent months — there are already at least seven of them, which raises the question of how information security players themselves protect themselves. Therefore, it is quite natural that they will be subject to the requirements that they themselves are trying to implement for their clients.
The FSB, represented by the National Coordination Center for Cybersecurity, provides (and is ready to provide) security assessment services to organizations, primarily critical information infrastructure entities, as well as other organizations under the regulator's control. This was unexpected - the FSB appeared as a service provider on information security issues.