The national Bank of Ukraine introduces regulation of issues of information security and cyber security of the banking system of Ukraine. The NBU Board resolution No. 95 of September 28 approved the “regulations about organization of measures for ensuring information security in the banking system of Ukraine”.
The document defines the mandatory requirements for the organization of activities of information security that should be implemented in a phased manner by banks.
The first phase of activities (implementation baseline of information security measures) will be implemented until March 1, 2018, the second phase (implementation of additional measures to increase the level of maturity of information security) until 1 September 2019.
Steps to information security include protection against malicious code, security measures when using e-mail, access control to the information systems of the Bank security measures in the Bank’s network, cryptographic protection of information.
Provides for the appointment in the banks responsible persons for information security (Chief Information Security Officer, CISO) and give him authority sufficient for making management decisions. Also, banks should establish a separate unit for information security solely of full-time employees of the Bank, which report directly to the CISO.
In NBU believe that the implementation of these measures will strengthen the requirements for protection of information in information systems of banks to meet current cyber-threats.
The decree comes into force from March 1, 2018, except for section V, “Additional security information”, which will take effect from 1 September 2019.