IS Methodology

A simple guide to cybersecurity for organizations in Kazakhstan

Let's figure out what IS is, who is responsible for what, which standards apply in Kazakhstan, how to improve protection, and where to turn. 15 articles — from basics to practical checklists.

Start with the first article
15 articles 🇰🇿 KZ standards ISO ~60 min read

Managers

Understand what KZ regulators require and which risks to close first

IS specialists

Ready-made checklists for audits, pentests, and standards compliance

Employees

Learn your responsibility and basic security rules

15

articles · ~60 min read

🇰🇿

KZ standards

Закон «Об информатизации», стандарты СТ РК

ISO

international standards

27001, 15408, NIST, GDPR

Section navigation

4 topical blocks

You don't need to read everything in order. Pick the block that's relevant to your role and tasks.

1 — 2

IS basics

What information security is, which documents regulate it, and who is required to comply in Kazakhstan.

1What is information security and which documents regulate it?~5 min2Who and why must comply with information security requirements in the Republic of Kazakhstan?~4 min
3 — 5

Structure and bodies

CVOIIC, IS department, OTSIB — what they are, why they exist, and how they work.

3What is a CII?~4 min4What does the Information Security Department do?~3 min5What is a SOC, and who needs it?~5 min
6 — 8, 11

Audits and inspections

Compliance testing, IS audits, and instrumental inspection of components.

6What are compliance tests for information security requirements, who conducts them, and who needs to pass them?~7 min7What is an audit of information systems, who conducts it, and who needs to pass it?~6 min8What is an instrumental examination of information system components?~5 min11Independent pentest~4 min
9 — 10, 12 — 13

Standards and software

Trusted software registry, ISO 15408, independent pentest, object classification.

9What is the trusted software registry?~4 min10What is the assurance level or compliance with ST RK ISO/IEC 15408-3?~6 min12Why the Trusted Software Registry~3 min13How to classify an information object~5 min
All articles

Methodology contents

15 articles
1basic

What is information security and which documents regulate it?

Start here — the foundational article that sets context for the whole methodology.

~5 minRead
2basic

Who and why must comply with information security requirements in the Republic of Kazakhstan?

~4 minRead
3basic

What is a CII?

~4 minRead
4basic

What does the Information Security Department do?

~3 minRead
5basic

What is a SOC, and who needs it?

~5 minRead
6advanced

What are compliance tests for information security requirements, who conducts them, and who needs to pass them?

~7 minRead
7advanced

What is an audit of information systems, who conducts it, and who needs to pass it?

~6 minRead
8advanced

What is an instrumental examination of information system components?

~5 minRead
9advanced

What is the trusted software registry?

~4 minRead
10advanced

What is the assurance level or compliance with ST RK ISO/IEC 15408-3?

~6 minRead
11advanced

Independent pentest

~4 minRead
12advanced

Why the Trusted Software Registry

~3 minRead
13advanced

How to classify an information object

~5 minRead
14

Useful links and resources.

~2 minRead
15

Feedback

~1 minRead
Legend: IS basics Structure and bodies Audits and inspections Standards and software

Start with the first article — it takes 5 minutes

What is information security and which documents regulate it?

Important note: the authors do not claim absolute accuracy with respect to Kazakhstan's legal norms (from the standpoint of current regulations). The goal is to improve the protection of your systems and raise awareness.

HomeFeedAll CoursesMethodology