The National Bank of Ukraine continues to maintain a constructive dialogue with the Ukrainian banks with the aim of forming a balanced approach to the information security management system in the banking system of Ukraine.

The first meeting of the Working Group on the information security management system in the banking system of Ukraine (hereinafter – ISMS) have already taken place.

“We are introducing a new format of communication with banks and invite stakeholders interested in building an efficient ISMS in their banks to take part in devising a development strategy for the Information Security Management System, building on their own hands-on experience,” said Director of the Information Security Department of the National Bank of Ukraine Dmytro Lukianov.

According to him, the Working Group participants have been invited to actively participate in selecting the most appropriate working format, relevant areas of focus and take part in solving organizational issues. “We do not want to impose patterns, instead we want to encourage bankers with hands-on experience to work out the right direction for changes in the further development of the ISMS in the banking system of Ukraine,” said Dmytro Lukianov adding that the Working Group participants would soon be polled about their views on the list of the main topical issues to be worked out by the Working Group on the ISMS.

Deputy Director of the Information Security Department Serhii Ivanyshyn said that in his view it was necessary to assess the current maturity level of the ISMS for its future strategic development: "Today we have an opportunity to determine the required parameters of the ISMS self-assessment methodology within the Working Group and move closer to the evaluation of its maturity level in the banking system of Ukraine". He suggested that the meeting participants carry out "self-assessment of the ISMS maturity level" to evaluate the actual performance of the information security function, as this would enable it to make sound decisions on further development of the ISMS in each individual bank and ensure its consistent development in the banking system of Ukraine.

At the meeting, it was also decided to analyze the appropriateness of the use of a new version of the information security management standard ISO/IEC 27002:2013 (ISO 27002:2005 is currently in use) in terms of its possible advantages for banks. The participants will try to explore in detail the transition to the standard ISO 27002:2013 and assess the need to expand the standard and adopt the adjacent standards, as well as the need to adopt either the entire methodology or its selected provisions (for instance, assessment of the COBIT maturity level) and outline a time-phased transition plan that will be best tailored for the Ukrainian banks.

The Working Group meeting participants also concurred on the need to analyze the international information security standards to explore the possibility and appropriateness of their use in the banking system of Ukraine, as well as the existing approaches applied by the National Bank of Ukraine to the ISMS inspections conducted to get a real picture of the ISMS in the Ukrainian banks.

Wrapping up the meeting Director of the Information Security Department Dmytro Lukianov enticed the representatives of banks and associations who are not yet involved in the Working Group (which currently comprises experts from the regulator's Information Security Department, over 40 Ukrainian banks and the National Association of Ukrainian Banks) but willing to contribute to the new approaches in the development of the ISMS to join in efforts.

Further information about the activities of the Working Group on the ISMS can be obtained by contacting Tetiana Samsoniuk, a representative of the Information Security Department, by phone (044) 527-32-91 or via e-mail [email protected].