The development of the information security management system (ISMS) was conducted as a business transformation project. The project was implemented in three areas: People, Processes, Technologies. All planned results, goals and benefits of the project were achieved on time and in accordance with the approved Business Transformation Programme's Roadmap.
The Company purchased and implemented the SIEM security information and event management system, which covers all information systems at KEGOC. The analysis of the new system shows positive changes including the reduction of time for processing and incident response to 8,5 hours. During this time the specialists manage to detect and analyse the events, as well as to assess the possibility of incidents, which leads to more effective management of the information security of the Company and prompt response to external threats.
The Company has improved the IS risk management processes, which identify the main information assets, determine the IS risks, evaluate and process them, and develop measures to minimize them, on the basis of which the Company has developed a risk-based approach to information security management. Internal documents on the Company's information security have been developed, including the Information Security Development Programme for 2022 that defines the main approaches, goals and principles of the development of the area.
To implement the procedures for managing processes and tasks of information security, the Company established a separate structural unit.
- According to the external audit, the information security of the Company complies with the regulatory and industry requirements, which is the basis for further progressive development and implementation of corporate cybershield in the future, - said the Sponsor of the project, Tolegen Safuani, Managing Director for Legal Support and Risks at the meeting on completion of the project. He congratulated everyone with the successful implementation of target information security model, and thanked the members of the project team and all involved for their productive work. In addition, he expressed hope for active participation in the implementation of the next phase of work, a project to ensure cyber security among portfolio companies of Samruk-Kazyna.