Information Technology Reference
In-Depth Information
Handy
: I am going to give you another website and I will have to verify that it still
exists but,
www.first.org
, should also be a good source because all of the CERTs are
usually members of First and if you are linked to them, you will definitely have all the
information that you need to be at the same level as those, if you are not already ahead of
them.
Aharoni
: I would like to ask a question that I was waiting for Mário Valente to ask
but he did not, so I am forced to do so. I am curious about the way that it is organized and
I am viewing it from my own perspective of having to run an organization or to be the
CEO of an organization in the Ukraine. If I want to defend my network using my own
selected antivirus tool, it looks like a burden for me as the CEO to have to go to a
government organization to help me select the antivirus. Why cannot it be more
distributed and each CEO bears the burden? I can understand a central organization that
recommends and gathers information and also accumulates and educates, but why am I
forced to select the antivirus that you recommend?
Kolobov
: The answer is simple. If you are the CEO of any company and you just
want to protect your own information for your company, it is your decision or your
solution. But, if you are a government organization or you are working with a State
enterprise, you are working with State information resources and you have to play
according to government rules.
Aharoni
: So I can select my own antivirus, but if I want to select my VPN, can I
select my own or do I have to go through the government?
Kolobov
: If you would like to buy any VPN equipment. I mean, equipment which
uses cryptographic methods just to protect the information, we have legislation laws in
Ukraine which require you to get a licence. What does this mean? You have to provide
high-level educated specialists prepared to work with that kind of special equipment; you
have to prove that those specialists are real, that they can work with that kind of
equipment and then you have to show that your equipment will be used for your
company, for your internal resources protection.
Aharoni
: Do I have to select a VPN from a set of VPN's that are authorized or I can
select any VPN and then prove that I have the properly educated people?
Kolobov
: If you represent a private company, you can select whatever you wish from
your knowledge of products, but if you are a minister or a chief of a State enterprise, you
have to have a licence and you can only buy recommended, government-approved
devices.
Aharoni
: And if I am a large financial organization, such as a large bank, is that
considered to be state information? Do I have to go through the authorities or is there a
private organization where I can select my own and only need various licenses?
Kolobov
: If you represent a large organisation, such as a commercial bank, you will
come to our organization and we will decide together what you really need to do. Usually
banks use international devices for encryption, for example, Swift IP, VPN, etc., and we
Search WWH ::
Custom Search