The automating process of information security management

Abstract

This article is devoted to the review and analysis of existing methods for ensuring information security of automated systems for the banking sector. Strengths and weaknesses were investigated. In particular, the introduction system of information security management will help to fulfill a significant part of the requirements of the group standards for information security ISO/IEC 27000 part of PCI DSS requirements and standards of the Bank of Russia, as well as its regulations and guidelines, requirements for the establishment of a subsystem of registration and accounting systems for the protection of personal data and key systems (the requirements of FSTEC of Russia).