April 15 is the deadline for securities companies to complete the review and assessment of information security and implement measures to overcome risks and weaknesses of their systems, including the system serving online securities transactions.
Following the cyber attack on the VNDIRECT Securities Company system on March 24, which made the enterprise's business activities and the transactions of many securities investors impossible, the Department of Information Security (Ministry of Information and Communications), as the State management agency for network information security, has just issued a document requesting securities companies to strengthen the security of information systems under their management.
The Department of Information Security stated that the recent cyber security incidents in some securities companies' systems have caused serious damage to securities companies, while also causing confusion and somewhat affecting users' confidence in the safety of stock exchanges in Vietnam in particular and the financial market in general.
To ensure the security of information systems of securities companies, the Department of Information Security recommends that these enterprises, from now until April 15, focus on completing the review, inspection, and assessment of information security assurance of information systems under their management and immediately deploy measures to overcome risks, vulnerabilities, and weaknesses of the systems; especially with customer account management systems serving online securities transactions.
Securities companies need to review and organize information system security assurance by level, in particular compiling statistics on and classifying the information systems under their management, and developing implementation plans to fulfill the regulations on ensuring information system security by level.
The target is to ensure that 100% of operating information systems are approved for security levels by September at the latest, and to fully implement information security assurance plans according to the approved level proposal documents.
Companies should organize effective, substantive, regular and continuous information security assurance work according to the 4-layer model, in particular improving the capacity of the professional monitoring and protection layer and maintaining a continuous, stable connection and information sharing with the National Cyber Security Monitoring Center of the Ministry of Information and Communications.
The Department of Information Security recommends that, in parallel with developing incident response plans for the information systems under their management, securities companies also implement a plan to periodically back up systems and important data so that they can be restored promptly when data encryption attacks occur.
Companies should also review and promote the implementation of Vietnam's network information security incident response activities, and periodically hunt for threats to promptly detect signs of system intrusion. For systems in which serious security vulnerabilities have been detected, after fixing the vulnerability, the unit needs to immediately hunt for threats to determine the possibility of a previous intrusion.
The Department of Information Security also recommends that securities companies check and update information security patches for important systems according to warnings from the Department and related agencies and organizations. At the same time, they should periodically check, evaluate and review their systems to promptly detect existing information security vulnerabilities and weaknesses.
TRAN BINH