Steps for data security are taken at the governance level: on December 20, 2006, the president of Ukraine, Victor Yushchenko, signed a law entitled “On Ratification of Agreement between Ukraine and the European Union on the Security Procedures for the Exchange of classified information”.
Also, according to the law, classified information can be disclosed or passed to another party according to the principle of control by the information owner.
Joint observation of the execution of the agreement is performed by the Minister of the Interior of Ukraine and Secretaries-
To protect data, it is vital not only to use security systems (firewalls, UTMs and many more), but also to avoid “bugs in the human hardware”, that is, to take action against social engineering. Ainstainer Group Co Ltd has the following corporate rules to protect intellectual property (these rules were created based on other companies’ experience and on the book by Kevin Mitnick, “The Art of Deception: Controlling the Human Element of Security”):
1. First, all information is classified based on the confidentiality level.
2. Each employee is informed of the possibility of intrusion and is aware that they may be manipulated with the intention of obtaining particular information. Employees know what data is being protected and exactly how to protect it.
3. Co-workers know the reason for and necessity of each particular data protection action.
4. Every person who has access to important information constantly watches for possible ways of attack and educates subordinates to be aware of these possibilities.
5. There are obligatory rules for password creation: passwords must be strong enough; different passwords should be used; passwords should not be given out to any party under any circumstances.
6. When approached with a request to provide any information, every staff member is obliged to check the authority of the person requesting it and make sure that the person is authorized to receive such information (this can also be proven by the ability of that person to answer particular questions concerning the details of the request).
7. Employees must immediately report every suspicious situation to senior management, especially regarding the following points:
• System crash or system failure;
• Being offered all kinds of free software;
• Attempts to receive passwords or any other confidential information;
• Approaches from persons who present themselves as employees of a partner’s subsidiary or as senior managers.
Staff members are aware of the signs of social engineers:
• Refusal to name the internal code;
• Unusual request;
• Urgency notification;
• Threats of negative consequences;
• Avoidance of precise answers;
• Efforts to set up a personal contact.
Ukraine is taking steps to guarantee data security. While multinational clients benefit from the skills and experience of Ukrainian IT experts, they may rest assured that the shared data will be protected, not only by the newest information security systems, but also by techniques that prevent social engineering.



