Who should be responsible for damages from attacks on KVIN

[rakhirhif8963]

In order to assess possible damage from cyber attacks on KVIN, Vyacheslav Logushev suggests focusing on the assessment of cyber threats in relation to those business processes with which KVIN is directly related. The assessment criteria here can be measurable indicators of business operations, such as a change in the cost or quantity of something, taking into account the time that affects both of these indicators. Financial damage in this case consists of a number of parameters: direct losses from disruption of work processes, the cost of their restoration, reduction in the value of assets, lost profits, loss of customer loyalty, etc.

If KVIN is related to the type of data to which the estonia whatsapp data of current federal laws apply (personal data, state secrets, commercial secrets, etc.), then those responsible for ensuring the security of KVIN and the penalties for violating it are determined by those same laws.

In less obvious situations, responsibility for the security of COVID-19, as Kirill Shchukin believes, lies with (in descending order): the company's management (since it is they who manage the assets and are responsible for their safety, and information has become the most valuable asset in our time), the head of information security (who, as a rule, decides what data should be especially protected and what tools to use for this), the IT director (in terms of fulfilling the requirements for storing, processing and transferring data within the company, compliance with security requirements from the IT side) and only after them, ordinary employees (who are responsible for compliance with the company's internal regulations and are familiar with the troubles that they may face in the event of incidents with COVID-19; it is on these executives that it depends whether employees will decide to violate the regulations or consider the associated risks unacceptable).