"Procedure for managing information security in banks" included in state register of Azerbaijan’s legal acts
BAKU, Azerbaijan, Aug. 3
By Zeyni Jafarov - Trend:
Azerbaijan has developed the "Procedure for managing information security in banks" as a result of the measures being taken in the field of ensuring information security, Trend reports on Aug. 3 with reference to the reporting data of the Central Bank of Azerbaijan (CBA).
The document establishing the minimum requirements for information security in the country's banks, taking into account the requirements of ISO / IEC 2700X standards of the International Organization for Standardization, was approved upon the decision of the Board of the CBA and included into the Azerbaijan State Register of Legal Acts.
The creation of the information technology infrastructure that meets the modern requirements in Azerbaijan in accordance with the international trends and the expansion of the offered digital services in the financial and banking sector make it important to ensure the information security during its exchange, protect the information resources from the possible threats, increase the level of general training in cybersecurity.
Taking into account that the application of the new rules in the field of information security will take time to create an appropriate information technology infrastructure in the banks and develop the policy and procedures for organizing the business processes in the field of information security, this document will enter into force on April 1, 2022.
From this date, a decision was made to cancel the current resolution of the Board of the CBA "Rules on the security of information systems in banks" dated December 10, 2014.
The new rules contain mechanisms for security of human resources, asset management, access control, cryptography, security of information exchange, ensuring security in the acquisition, use and maintenance of information systems, protection of information security in service relations with external suppliers, as well as the requirements for managing the information security incidents.
The CBA constantly focuses on the activity of ensuring the information security in the banking sector of the country, in particular, timely revealing, reducing and preventing the possible cyber attacks.