Businesses also had many questions
Posted: Sat Feb 08, 2025 3:31 am
The Role of Information Security Regulation During a Pandemic
During the pandemic, regulators chose the path of self-elimination and failed to adequately respond to the changes that occurred in the country. Thus, FSTEC limited itself to a brief instruction for owners of critical infrastructure, describing the procedure for them to follow during the pandemic with remote access. There is nothing significant in these recommendations, and experts even noted errors in them related to the fact that the regulator itself, apparently, had not encountered remote work before the start of self-isolation. Businesses did not receive answers to pressing questions related to the postponement of inspections, the need to conduct certification remotely, the procedure for certifying information security tools during the pandemic (during self-isolation, certification laboratories did not accept visitors), defining the boundaries of information systems in the context of blurring their perimeters, etc.
B for the FSB, for example, how to ensure the legal azerbaijan mobile database of electronic document management related to an electronic signature when working remotely from premises not certified in accordance with FSB requirements; or how to carry out work related to the use of cryptographic solutions in the personal residence of users not included in the license (according to current FSB requirements, places of work with cryptographic tools must be indicated in the license). All that the FSB did was issue recommendations on combating cyber threats exploiting the coronavirus theme through its division, the National Coordination Center for Cybersecurity.
The past few months of self-isolation have probably allowed regulators to understand how well their requirements and regulations met the situation we all found ourselves in. And if it is true that another wave of coronavirus awaits us, then regulators have the opportunity to take into account the lessons learned in their regulations.
During the pandemic, regulators chose the path of self-elimination and failed to adequately respond to the changes that occurred in the country. Thus, FSTEC limited itself to a brief instruction for owners of critical infrastructure, describing the procedure for them to follow during the pandemic with remote access. There is nothing significant in these recommendations, and experts even noted errors in them related to the fact that the regulator itself, apparently, had not encountered remote work before the start of self-isolation. Businesses did not receive answers to pressing questions related to the postponement of inspections, the need to conduct certification remotely, the procedure for certifying information security tools during the pandemic (during self-isolation, certification laboratories did not accept visitors), defining the boundaries of information systems in the context of blurring their perimeters, etc.
B for the FSB, for example, how to ensure the legal azerbaijan mobile database of electronic document management related to an electronic signature when working remotely from premises not certified in accordance with FSB requirements; or how to carry out work related to the use of cryptographic solutions in the personal residence of users not included in the license (according to current FSB requirements, places of work with cryptographic tools must be indicated in the license). All that the FSB did was issue recommendations on combating cyber threats exploiting the coronavirus theme through its division, the National Coordination Center for Cybersecurity.
The past few months of self-isolation have probably allowed regulators to understand how well their requirements and regulations met the situation we all found ourselves in. And if it is true that another wave of coronavirus awaits us, then regulators have the opportunity to take into account the lessons learned in their regulations.