Information Security

Physical security of the enterprise is provided by 24-hour site security based on the automated access system SUDOS. SUDOS is an integrated site access system for corporate employees that uses identity cards (with PIN-code validation) and a CCTV system with monitors at the 24-hour operational dispatch service desk.

The Information Security Service safeguards the legitimate interests of the state and of the State Atomic Energy Corporation ‘Rosatom’ with regard to the protection of confidential information (National Security Information, confidential information) and publicly available information (for release). It also ensures the security of intellectual and physical resources in the Situation and Crisis Center.

In this area of the Situation and Crisis Center of Rosatom's activity, the basic objectives of the service are:

  • organization, coordination and efficiency control of work on confidential information security, and performance analysis of the activities conducted;
  • information security during processing and storage on computer equipment;
  • concealment of confidential information during its transfer through communication channels, using cryptographic protection facilities and digital signature;
  • countermeasures against technical reconnaissance equipment, and technical information protection.

In arranging departmental secure links, the Situation and Crisis Center of Rosatom functions as the Industry Certification Center, supporting more than 150 enterprises and more than 2500 users.

Information security is provided by jointly addressing the three-part problem of confidentiality, integrity and availability of the information processed in the course of corporate activities.

Comprehensive set of organizational and technical measures

To secure the information processed in the Information and Communication Network of the State Corporation, a comprehensive set of organizational and technical measures was implemented to guarantee that the information security system complies with up-to-date requirements. The main objective of the information security system is to protect the subjects of informational relations from possible financial, physical, moral, or any other damage caused by accidental or deliberate unauthorized tampering with the information infrastructure of the enterprise, or by unauthorized access to information and its illegal use.

The current list of enterprise security hazards is the basis for maintaining the information security procedures implemented at the enterprise. Information security procedures are understood to mean a combination of methods and measures for protecting current information in the Information and Communication Network and its supporting infrastructure from accidental or deliberate actions (natural or forced) that result in damage to the owners or users of the information or supporting infrastructure.

The comprehensive set of information security measures includes:

  • procedural and institutional information security procedures (normative documents, HR management, records management);
  • organizational and technical measures to protect restricted information from leakage through technical channels (approval of informatization objects);
  • organizational and software/hardware measures to prevent unauthorized operations on (access to) the enterprise information resources;
  • a package of measures for monitoring the performance of restricted-information security facilities and systems after accidental or deliberate actions.

The information security system implemented and maintained at the enterprise provides:

  • data integrity control: protection from failures that result in information loss, and from unauthorized data creation or erasure;
  • confidentiality of information together with its availability to all authorized users, including organization of access control to the databases in operation;
  • legally valid electronic document management on the basis of ViPNet “Business mail”;
  • a secure data transfer network on the basis of ViPNet link encryption technology.

“Security perimeter”

Given the need to support information exchange with other local networks (e.g. OJSC "Rosenergoatom Concern", NPO “Taifun”) and to receive information from the Internet, special attention is given to protecting the Information and Communication Network for Nuclear and Radiation Safety from external attacks (creation of a “security perimeter”). Protection from external attacks is provided by a certified network firewall and other designated means in accordance with information security requirements. The set of technical measures implemented by the Situation and Crisis Center of Rosatom to secure the Information and Communication Network for Nuclear and Radiation Safety also includes:

  • use of a network firewall (Cisco PIX Firewall) and allocation of security areas;
  • use of secure data transfer protocols (SSL, ViPNet);
  • monitoring of all incoming traffic using intrusion detectors (Cisco Intrusion Detection System), and its segregation using virtual networks (VLAN) on Cisco switches;
  • use of a corporate secure email system based on certified ViPNet means to provide confidential information exchange between the State Atomic Energy Corporation ‘Rosatom’ users and industry players;
  • use of cryptographic information security facilities to provide data exchange in the federal information system of nuclear materials accounting and control;
  • continuous centralized antivirus monitoring in the Information and Communication Network for Nuclear and Radiation Safety and on users' personal computers;
  • use of information security facilities to prevent leakage through technical channels via various physical fields;
  • use of an isolated wiring system for managing the facilities of the Information and Communication Network for Nuclear and Radiation Safety, and of power supply and grounding electrode systems located on the territory of the State Atomic Energy Corporation ‘Rosatom’.

Digital signature

Digital signature tools are used to provide authenticity and legal validity of electronic documents. Prompt exchange of proprietary information that is not classified as a state secret is carried out using the departmental secure ViPNet “Business mail” system. Protection of information from accidental or deliberate modification is provided by the digital signature tools built into the ViPNet system.