BRICS Summit
Kazan. 22–24 October 2024

Audit of Cybersecurity and Data Protection: Recap of BRICS Supreme Audit Institutions Seminar

BRICS Supreme Audit Institutions (SAIs) held a seminar in video conference format on 6 June 2024 to consider ways to ensure information security at government agencies, as well as audit methods in this regard.

Denis Strizheusov, deputy director of the Financial Audit Department at the Russian Accounts Chamber, provided a detailed description of the three main stages of how the Accounts Chamber conducts an information security audit of international organizations: it studies the organization’s job instructions and descriptions, assesses operational efficiency, and conducts the procedures associated with a technical security audit. He highlighted the role of ISO 27001 and ISO 27002 standards in the information security of international organizations and provided an analysis of how these standards are applied in audits. Andrey Shcheverov, director of the Digital Transformation Department, also took part in the seminar on behalf of the Accounts Chamber.

André Torres Breves Gonçalves, an inspector at the Information Security Assessment Department of the Federal Court of Accounts of Brazil, gave a presentation in which he described in detail the main stages and methods for checking whether government agencies are prepared for phishing attacks. The SAI of Brazil checked whether government employees click on potentially malicious links, enter their personal data on unfamiliar sites, and download files from untrusted sources. The report also noted that the SAI of Brazil analysed some 14,000 URLs of government agencies at various administrative levels. An information security risk matrix was compiled based on the analysis. Following the checks, the entities that were audited provided plans to improve their information security controls.

Chester September, an expert in cybersecurity and information systems audits at the Auditor-General of South Africa, spoke about the cybersecurity audit methods used in South Africa. To conduct a cybersecurity audit, the SAI of South Africa has developed a methodology to verify the maturity of cybersecurity management processes, which includes an assessment of vulnerabilities and testing for security against hacking. September also stressed the need for constant interagency cooperation between government agencies on cybersecurity issues.

The representative of the Chinese National Audit Office, Cui Zhu, spoke about the focuses of cybersecurity audits conducted by the SAI of China. In particular, when verifying how prepared an organization is to prevent cybersecurity threats, the SAI of China primarily assesses the security of network architecture, network access management, and cybersecurity log management, as well as the prevention of unauthorized access and malware penetration. She said that it is crucial to consolidate existing cybersecurity standards into a single document, as well as train skilled professionals in order to improve security auditing in China.

Deepak Raghu, director of the Information Systems Audit at the Office of the Controller and Auditor General of India, provided details about the main stages of ensuring cybersecurity in India and the SAI’s role in this process. Government organizations in India must independently conduct internal information security audits, but external experts can also be involved. The SAI of India periodically assesses whether the information security systems of government agencies comply with legal requirements. Raghu noted that state requirements for cybersecurity apply not only to government agencies, but also to large private companies in such areas as telecommunications, medicine, and finance.

The SAIs of the countries that joined BRICS on 1 January 2024 attended the seminar.

The meeting participants agreed to continue exchanging experience on cybersecurity audits and expressed hope for continued regular interaction in the format of the SAIs of BRICS countries.

The Roscongress Foundation manages the events of Russia’s BRICS Chairship.
