Minutes

Task No. 41

**Summary of the Conversation:**

**1. Infrastructure Overview:**
- **Cloud Components:** Kubernetes clusters, MS SQL servers (2 instances), and cloud-based systems.
- **On-Premises Systems:** 1С (accounting software) managed by Alexander Polikaniy, and other critical systems. The on-premises setup is described as a "safety number" (critical infrastructure) requiring enhanced security measures.

**2. Key Security Concerns:**
- **Redundancy & Backups:** 
  - Cloud systems are considered adequately protected.
  - On-premises systems lack hot backups, posing a risk. The team plans to address this by implementing hot backups and ensuring redundancy.
- **Access Controls:** 
  - Active Directory (AD) is integrated, but local accounts are minimal. The team emphasizes the need to review user permissions, privileged accounts, and password policies across Windows, Linux, and databases.
  - Concerns were raised about outdated passwords for integration accounts and lack of enforcement for user accounts.

**3. Compliance & Audits:**
- **Central Bank (ЦБ) Check:** 
  - An audit is scheduled for late October, potentially including IT compliance checks.
  - The team is preparing to ensure all systems meet regulatory requirements, with a focus on availability, access controls, and backup strategies.
- **IT Governance (ITGC):** 
  - The team plans to review access controls, user permissions, password policies, and other governance controls. A checklist will be prepared for internal auditors.

**4. Collaboration & Next Steps:**
- **Team Coordination:** 
  - Collaboration with the 1С administrator (Alexander Polikaniy) and other teams is necessary for a comprehensive audit.
  - Internal auditors will be involved, with a focus on hot backups, redundancy, and security policies.
- **Project Prioritization:** 
  - The team is prioritizing security and compliance over optimization projects, as the Central Bank audit is a critical deadline.

**5. Challenges & Risks:**
- **On-Premises Vulnerabilities:** 
  - The on-premises infrastructure is a "safety number," requiring immediate attention to prevent data loss or downtime.
  - Lack of hot backups and outdated password policies for integration accounts are flagged as risks.

**6. Action Items:**
- **Audit Preparation:** 
  - Finalize ITGC checklist, review access controls, and ensure hot backups for on-premises systems.
  - Coordinate with the 1С team and internal auditors for a thorough compliance check.
- **Security Enhancements:** 
  - Implement stricter password policies, enforce regular password changes, and ensure redundancy for critical systems.

**Conclusion:**
The conversation highlights the need for a focused effort on securing the on-premises infrastructure, aligning with regulatory requirements, and ensuring robust backup and access control strategies before the Central Bank audit in late October. Collaboration across teams and adherence to IT governance standards are critical to addressing these challenges.