A security system is a set of legal and moral and ethical standards, administrative and organizational measures, technical, software and cryptographic means aimed at creating properties of security against accidental and deliberate interference in the normal functioning process, minimizing possible damage from destruction, damage and disclosure information.
The security system is formed on the basis of an analysis of the current state of security, taking into account possible security threats and the risk of their implementation in a specific situation, creating a methodology for making managerial and technological decisions and a mechanism for ensuring information security.
Key safety aspects:
- safety – ensuring the physical protection of technical systems and means, information carriers from destruction, damage, theft;
- integrity – ensuring protection against accidental or deliberate distortion of information;
- accessibility – ensuring access to information by an authorized user at the right time for him;
- confidentiality – ensuring protection from unauthorized access to information;
- evidentiary – ensuring the conditions for the formation and provision of evidence of both law-abidingness and violation of information relations by the subject;
- obedience to law – ensuring that the subjects comply with the established legislative, regulatory legal acts and ethical standards of behavior in the process of information relations.
Regulatory legal framework in the field of information protection:
- Information Security Concept of the National Bank;
- Rules for providing access to the payment system;
- Rules for ensuring the safety of the user of the payment system;
- Payment system center security rules;
- Rules for the analysis of conflict situations related to the authenticity of electronic documents.
Complexes and systems of NPC ensuring the security of the payment system:
- Cryptographic information protection system;
- CERTEX Public Key Infrastructure;
- Firewalls;
- System of virtual private networks;
- Dial-up access authorization server;
- Intrusion detection and security analysis system.
Internal security organization:
- An access control and burglar alarm system designed to control access to premises and protect premises from unauthorized entry, while integration with a television security and surveillance system with a fire alarm system is provided. Proximity cards are used as identifiers in the system;
- Security video surveillance systems, allowing to solve the tasks of monitoring objects, ensuring the security of objects, registering, storing and searching for video recordings, integrating with an access control system (receiving alarm commands from access systems and burglar alarms and displaying alarm zones on monitors);
- A fire alarm and automatic fire extinguishing system designed to detect fire sources, alert and automatically extinguish them. In the event of a fire source, an audible and visual alarm is generated. In this case, the power supply and air conditioning units are automatically cut off.