National Bank of Ukraine has developed the draft resolution of the NBU Board ‘On approval of the Regulation on the organization of measures to ensure information security in the banking system of Ukraine’, which provides for stricter requirements for cyber defense in the country’s banks. It’s connected with recent cyber attack on Ukraine, the consequences of which are being eliminated so far.

The official website of the regulator reports that document presupposes the introduction of mandatory requirements to banks, which will be taken root stage by stage:

• Until March 2018 – the implementation of basic information security measures;
• Until September 2019 – the implementation of additional events to increase the level of maturity of the information safety;

In particular, appointed measures of safety of the information include:

– protection from malicious code;

– security measures when using e-mail;

– control of access to information systems of the bank;

– security measures in the bank network;

– cryptographic protection of information.

The draft resolution defines the concept of critical business processes of the bank from the point of view of information security and the scope of application by banks of the information security management system.

Moreover, it’s offered to appoint responsible person for information security in banks (Chief Information Security Officer, CISO) and provide him/her with sufficient authority to make managerial decisions. Also banks must form the separate units of information security, which will directly obey CISO.

Now the document is published on NBU website for discussion.