The company JSC “NBI” designs information security and data protection subsystems for newly created or modernized information systems and services, taking into account customer requirements as well as regulatory documents in the field of information protection processed in information systems and services.
The organization provides a full cycle of work with an information system: from development and design to implementation and maintenance.
JSC “NBI”’s experience in designing information security and data protection subsystems, including those handling state secrets, is confirmed by the successful implementation of the company’s developed information systems and services, as well as by customer feedback.
The company’s products are included in the Ministry of Industry and Trade of the Russian Federation’s register of domestic software recommended for use under the import substitution policy.
We have been working with state enterprises for over a quarter of a century.
Services for Designing Information Security and Data Protection Subsystems
Transitioning to the software required by the customer is always accompanied by certain challenges. Based on the customer’s technical requirements, JSC “NBI” develops a technical project for the future information system, which, among other things, addresses issues of information security and data protection, considering the purpose of the future information system, the level and types of information to be processed, processing algorithms, the number of users, etc.
JSC “NBI” specialists perform the full range of work on designing information security and data protection subsystems, including ensuring that the developed information system is certified by FSTEC of Russia for compliance with the required information protection level.
For an enterprise, it is more convenient and cost-effective to entrust the design, implementation, and maintenance of an information system to professionals. When creating an information infrastructure, it is important to ensure that restricted information is not accessible to unauthorized individuals. In designing information systems, JSC “NBI” also analyzes potential information leakage channels and proposes practical measures to prevent and counter such leaks.
Protection Tools
The security of data depends on a well-built information security system. Access to information in an information system is controlled, and restrictions are set on certain user actions. When designing information systems, the company adheres to three main principles of working with information:
- Confidentiality;
- Integrity;
- Availability.
To protect against unauthorized access, information systems use identification and authentication mechanisms. A user can access the system by confirming their identity and access rights using a password, an electronic key, or biometric data. For stronger protection, multiple identification methods can be combined.
After user authorization, the system verifies the user’s permissions, for example, to view or edit specific information. The company uses the RBAC model for access control. In this model, roles are assigned to users, and access to information directly depends on their role.
The company takes customer requirements into account when developing solutions for information protection during the design of information security subsystems.
Availability of Required Licenses
In the Russian Federation, licenses for activities related to the design and development of information systems processing restricted information are issued by the FSB and FSTEC.
The presence of a license guarantees that the company meets certain requirements for working with restricted information, in particular:
- The company’s employees involved in designing the information system have the necessary level of clearance to work with restricted information;
- The company’s premises meet security requirements;
- The company’s employees have relevant work experience and specialized education in information security and data protection.
When choosing a contractor for designing and developing information security and data protection subsystems, it is important to verify that they hold the necessary licenses.
JSC “NBI” holds a number of licenses for activities such as developing and producing information protection tools, providing technical information protection, performing work involving state secrets, and more. Most of the licenses are issued without an expiration date, confirming the company’s high level of expertise in information protection.