17.12.2014

Development of Technical Requirements to Improve the Information Security Level for LUKOIL-INFORM

Project completion date:

September 2014

The Customer:

LUKOIL-INFORM is a parent company providing information and technological support for the LUKOIL Group. The Company develops, implements and supports information systems within Lukoil (a vertically-integrated oil company) as well as production and process flow management systems, ensures corporate information security, and develops and maintains the telecommunications infrastructure. LUKOIL-INFORM is one of the largest Russian communications operators on the information technologies market. The Company cooperates with the global leading companies in this field.

Objectives:

  • Determination of information security criteria according to the best global practices and Company’s regulatory documents
  • Documenting security criteria in the form of technical requirements for secure configuration of systems
  • Improvement of the IS level of the Company’s network infrastructure, operating systems and applied software
  • Achievement of the necessary and manageable security level of the Company’s network infrastructure, operating systems and applied software
  • Classification of organizational and technical solutions for the Company’s network infrastructure, operating systems and applied software

Business needs:

There was a need to define technical requirements to support information security based on the assessment of business-related risks and in compliance with the best global practices.

Solution:

As a part of the project, experts from Informzaschita conducted a detailed analysis of the current information security recommendations applicable to the Company’s network infrastructure, operating systems and applied software, and examined the system operation conditions. Limitations set by the Company’s regulations were also analyzed. Based on the analysis results, new requirements to components of the network infrastructure were defined, and the currently applicable change and vulnerability management as well as security analysis procedures were revised. Standards were developed for systems such as SAP, Oracle, Linux, Windows 2012 Server, Active Directory, etc. Requirements for the local access network architecture, routing protocols and Cisco equipment were revised as well.

Result:

As a result of the project, Informzaschita developed technical requirements to improve the information security level in order to automate a greater part of IT and IS divisions of LUKOIL-INFORM. Employees from the IT and IS departments obtained ready-made audit and setting tools for different platforms developed on the basis of the assessment of business-related risks and in compliance with the best global practices.