EISA (Enterprise Information Security Architecture) - detailed description of security processes and...

Post on 21-Jan-2016


TREASURY INFORMATION SECURITY

BUSINESS - INFORMATION - TECHNOLOGY +

SECURITY

DEVELOPMENT OF A METHODOLOGY FOR SECURITY PROCEDURES AND PROCESSES

EISA (Enterprise Information Security Architecture): a detailed description of the security processes and procedures that keep the enterprise in compliance with its strategic goals.

EISA covers the optimization of business processes, answers the questions that arise when architecting business security, the establishment of a secure network infrastructure, the development of security policies and procedures, and so on.

By introducing EISA we lay the groundwork for flexibility within our organization, so that our systems can be adjusted to coming change.

2

Unification of the development tools

Dev –> QA –> Prd

RBAC + SoD

Transition to web-services

Unification of the development environment

Unification of DBMS being used

3

BUILDING A SECURE INFRASTRUCTURE

Threat sources: DDoS; hacktivists; opponents using software like Stuxnet and Shamoon; special services.

Vulnerable users: executive directors; heads of departments; head of IT; super users.

4

Documents/Records/Email

Database

Server/Operating System

Application

Network

Physical

External Users

Internal Users

5

Internal Users

6

Build sustainable compliance programs

Reduce risk of insider threat and attacks

Identity Access

Data Protection

7

STATE TREASURY AGENCY

TREASURY BRANCH

TREASURY BRANCH

TREASURY BRANCH

INTERNET

XDMX

8

ASA 5515 X

ASA 5555 X ASA 5555 X

Cisco 2951 Cisco 2951

INTERNET

DMZ

Certificate Center, RADIUS Server

Mail Server

XDMX

Servers

ASA 5515 X

9

ASA 5515 X ASA 5515 X

ASA 5555 X ASA 5555 X

Cisco 2951 Cisco 2951

INTERNET

DMZ

Certificate Center, RADIUS Server

Mail Server

Private Network

Treasury Branch 2

Treasury Branch 1

Treasury Branch N

Servers

XDMX

10

Switch

DMZ

Users, Administrators

WEB

File Server

File Server

Database

Proxy Server

DNS Server

AD Server

AD Server

Policy

INTERNET

Router

DNS (TCP/UDP 53)

HTTP (TCP 80), HTTPS (TCP 443)

HTTPS (TCP 443)

GPO

Access List

Access List

ASA Out

ASA Internal

POP3 (TCP 110), SMTP (TCP 465)

Mail Server, Certificate Server

Servers

11

RECEIPT AND USE OF THE DIGITAL CERTIFICATE

12

After the contract with the State Treasury Agency is concluded, the organization's email address receives an email containing the link.

13

The organization's unique 7-digit number

14

ID data is entered

15

CERTIFICATE DOWNLOAD SECTION AND SETUP MANUAL

User certificates setup

SC certificate setup

Setup manual

16

After the certificates are set up, logon is performed with the personal certificate.

17

THANK YOU FOR YOUR ATTENTION!

18