April 15 is the deadline for securities companies to complete the review and assessment of information security and implement measures to overcome risks and weaknesses of systems, including transaction service systems. online securities.
Regarding the case of VNDIRECT Securities Company's system being hacked on March 24, making business operations of the enterprise and transactions of many securities investors impossible; As the State management agency for network information security, the Department of Information Security (Ministry of Information and Communications) has just issued a document requesting securities companies to strengthen the security of information systems belonging to the Ministry of Information and Communications. scope of management of your business.
The Department of Information Security stated that the recent network information security incidents in some securities company systems have caused serious damage to securities businesses, and at the same time led to panic. brings and partly affects users' confidence in the safety of stock exchanges in Vietnam in particular and the financial market in general.
To ensure the security of information systems of securities companies, the Information Security Department recommends that these businesses, from now until April 15, focus on completing the review and inspection. , evaluate and ensure information security of information systems under management and immediately deploy measures to overcome risks, vulnerabilities, and weaknesses of the systems; especially with customer account management systems, serving online stock transactions.
Securities companies need to review and organize to ensure the safety of information systems by level, especially the organization of statistics and classification of information systems under their management; Develop a plan to implement and complete regulations to ensure information system security by level.
The goal to be achieved is to ensure that 100% of operating information systems are approved for safety level no later than September; Fully implement the information security assurance plan according to the approved level proposal dossier.
Organize effective, substantive, regular and continuous implementation of information security work according to the 4-layer model, especially improving the capacity of the monitoring layer, professional protection and continuous maintenance , stabilize connection and share information with the National Cyber Security Monitoring Center of the Ministry of Information and Communications.
The Information Security Department recommends that, in parallel with developing an incident response plan for the information system under its management, securities companies also need to implement a plan to periodically back up the system and important data. important to promptly restore when data encryption is attacked.
Review and promote the implementation of Vietnam network information security incident response activities; Periodically hunt for threats to promptly detect signs of system intrusion. With a system that has detected a serious security vulnerability, after fixing the vulnerability, the unit needs to immediately carry out threat hunting to determine the possibility of previous intrusion.
The Information Security Department also recommends that securities companies check and update information security patches for important systems according to warnings from the Information Security Department and related agencies and organizations. At the same time, periodically inspect, evaluate and review to promptly detect information security holes and existing weaknesses in the system.
TRAN BINH
