1.0
Methodology
The process includes analyzing current security measures, assessing their effectiveness and implementing solutions in accordance with the requirements of regulators and international standards.
Let's figure it out together!
Important note: The authors do not claim absolute accuracy according to the norms of the Republic of Kazakhstan (from the point of view of the current regulatory legal acts of the Republic of Kazakhstan). The goal is to improve the security of your systems and raise awareness.
Composition of the methodology
Article 1
What is information security and which documents regulate it?
MoreArticle 2
Who and why must comply with information security requirements in the Republic of Kazakhstan?
MoreArticle 3
What is a CII?
MoreArticle 4
What does the Information Security Department do?
MoreArticle 5
What is a SOC, and who needs it?
MoreArticle 6
What are compliance tests for information security requirements, who conducts them, and who needs to pass them?
MoreArticle 7
What is an audit of information systems, who conducts it, and who needs to pass it?
MoreArticle 8
What is an instrumental examination of information system components?
MoreArticle 9
What is the trusted software registry?
MoreArticle 10
What is the assurance level or compliance with ST RK ISO/IEC 15408-3?
MoreArticle 11
Independent pentest
MoreArticle 12
Why the Trusted Software Registry
MoreArticle 13
How to classify an information object
MoreArticle 14
Useful links and resources.
MoreArticle 15
Feedback
More