Chairman of the State Duma IT Committee Alexander

tanjimajuha20 · Post by **tanjimajuha20** » Sun Jan 19, 2025 7:55 am

doubt the effectiveness of the information security system. And if an information security specialist declares a lack of readiness, this means that he does not know what is happening in his infrastructure and is not confident in its effectiveness. Since the end of 2023, we have received the authority to assess the current state of information protection and began to apply the methodology in 2024. We have applied it to more than 100 organizations. It turned out that the basic level of security is ensured in only 10% of organizations, in 39% the state of security and information protection is characterized as low, and in 51% - catastrophic. Everything that happens in terms of leaks happens due to the insufficient effectiveness of solutions. And I would like to point out that there were no super-heavy attack vectors on the infrastructure."

Khinshtein raised the greece telegram issue of the size of turnover fines: "We, as the authors of the bill, believe that all the sanctions included in it are adequate and, on the one hand, correspond to real time, on the other hand, are not excessive and not ridiculous. The key question is only how to find the golden mean, in which the fine will be an adequate punishment and an incentive for businesses to invest in the development of information security. In the second reading, we agreed with the position of the Ministry of Digital Development regarding mitigating circumstances. These included three combined factors: the volume of investment in information security of at least 0.2% of turnover over three years; the absence of administrative liability for a number of offenses related to computer information security; the level of digital maturity. It is important for us that this norm does not become an opportunity to evade responsibility."

Sergey Sherstobitov, CEO of Angara Security LLC, believes that the introduction of turnover fines will benefit Russian organizations: "The main goal of the bill is not to replenish the budget of the Russian Federation, but to create prerequisites and conditions for more vigorous development of information security as an industry, as a system on a national scale. This system permeates not only large businesses, but also medium and small businesses, which seem not to understand that they need it. In my experience, one of the most important factors that can motivate businesses to change their paradigm and perception is the presence of fines. And not so much the amount of fines - although it also has an effect - as their inevitability. If this mechanics is clear and transparent, we will have a better chance of success."