Information System Security (security in cyberspace or simply cyber security) is defined as providing the following basic principles:

  • Confidentiality:
    The information is only available to those who have authorized access thereto.
  • Integrity:
    Protection of the accuracy and consistency of the information and of the processing methods.
  • Availability:
    Authorized users have access to the information and other accompanying items necessary for its presentation in case of business need.
  • Non-Repudiation:
    Confirmation and undeniability of activities related to the access and use of information.
  • Accountability:
    Activities related to the use and access to information may be unequivocally noticed and recorded.

Alternatively, information security means protection of information and information systems against unauthorized access, exploitation, disclosure, interruption, modification, examination, inspection, recording and destruction.

Information is an item of great importance for every organization, and in particular for banks, and is therefore adequately protected. Ensuring information system security protects information from different types of threats so that secure, stable and confidential services can be provided to clients.

Sparkasse Bank Makedonija AD Skopje (hereinafter the Bank), through its system of organizational and technical measures, ensures a stable and secure information system in compliance with the applicable legal provisions (Decision on the Information System Security, NBRM; Law on Personal Data Protection), internal regulations and best practices in the relevant areas of operation.

The key and relevant control procedures, processes and measures applied in the Bank in the sphere of information security are given below:

  • The Bank has appointed a person responsible for the Information System Security (INFOSEC), whose main task is to coordinate the measures and procedures and to continuously monitor their implementation in the Bank’s information security process.
  • The Bank has an Information System Security Policy as a strategic document setting the principles and guidelines for ensuring confidentiality, integrity and availability of the information and processes in the Bank.
  • The Bank has introduced a process for regular monitoring, analysis and notification of security incidents.
  • The Bank has introduced a relevant methodology of risk assessment and analysis related to the use and configuration of the items that are part of the information system.
  • When concluding outsourcing contracts with IT suppliers, the Bank includes standard articles on confidentiality and on securing service continuity.
  • The Bank has also introduced an adequately tested reserve (secondary) location for computer and application systems, to be used in case of a large outage or interruption of the primary information system.
  • The Bank has introduced a practice of continuous and regular notification of employees on current topics related to the risks and security of the information system.