Job description of the chief information security specialist. Job responsibilities and qualification requirements for managers and information security specialists.

  • 23.09.2020

I. General provisions

1.1. The information security specialist belongs to the category of specialists and is hired and dismissed by order of the head of the enterprise on the proposal of the head of the information protection department.
1.2. A person with a higher professional (technical) education and at least ______ years of work experience as an information security specialist of category II is appointed to the position of information security specialist of category I; a person with a higher professional (technical) education and at least _________ years of work experience as an information security specialist or in other positions filled by specialists with higher professional education is appointed information security specialist of category II; a person with a higher professional (technical) education, without requirements for work experience, is appointed to the position of information security specialist.
1.3. The information security specialist reports directly to ________________________________________________________________________.
1.4. In his work, the information security specialist is guided by:
- legislative and regulatory documents on issues of ensuring the protection of information;
- methodological materials related to the relevant issues;
- the charter of the enterprise;
- the labor regulations;
- orders and instructions of the director of the enterprise (immediate supervisor);
- this job description.
1.5. The information security specialist should know:
- legislative acts, normative and methodological materials on issues related to ensuring the protection of information;
- the specialization of the enterprise and the features of its activity;
- the production technology of the industry;
- the equipping of computer centers with technical means, and the prospects for their development and modernization;
- the system for organizing comprehensive information protection operating in the industry;
- methods and means of monitoring protected information, identifying information leakage channels, and organizing technical intelligence;
- methods of planning and organizing work on information protection and ensuring state secrets;
- technical means of control and protection of information, and the prospects and directions for their improvement;
- methods for conducting special studies and inspections, and work on protecting technical means of transmission, processing, display and storage of information;
- the procedure for using abstract, reference and information publications, as well as other sources of scientific and technical information;
- achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;
- methods and means of performing calculations and computational work;
- fundamentals of economics, organization of production, labor and management;
- basics of the labor legislation of the Russian Federation;
- rules and regulations of labor protection, safety measures, industrial sanitation and fire protection;
- _________________________________________________________________.
1.6. During the absence of the information security specialist (business trip, vacation, illness, etc.), his duties are performed by a person appointed in due course. This person acquires the relevant rights and is responsible for the proper performance of the duties assigned to him.

II. Functions

The information security specialist performs the following functions:
2.1. Ensuring comprehensive information protection and compliance with state secrecy.
2.2. Participation in the survey, certification and categorization of objects of protection.
2.3. Development of organizational and administrative documents regulating work on the protection of information.
2.4. Determining the need for technical means of protection and control.
2.5. Checking compliance with the requirements of normative documents on information protection.

III. Job Responsibilities

In order to perform the functions assigned to him, the information protection specialist must:
3.1. Perform complex work related to ensuring comprehensive information protection on the basis of the developed programs and methods, observing state secrets.
3.2. Collect and analyze materials from institutions, organizations and enterprises of the industry in order to develop and adopt decisions and measures to ensure the protection of information and the efficient use of automatic control tools, and to detect possible channels of leakage of information constituting state, military, official and commercial secrets.
3.3. Analyze the existing methods and tools used for the control and protection of information, and develop proposals for their improvement and for increasing the effectiveness of this protection.
3.4. Participate in the inspection of objects of protection, their certification and categorization.
3.5. Develop and prepare for approval draft normative and methodological materials regulating work on information protection, as well as regulations, instructions and other organizational and administrative documents.
3.6. Organize the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.
3.7. Give feedback and opinions on projects of newly built and reconstructed buildings and structures and on other developments concerning the protection of information.
3.8. Participate in the review of terms of reference for design, draft, technical and working projects, ensure their compliance with applicable regulatory and methodological documents, and participate in the development of new circuit diagrams of control equipment, control automation tools, and models and systems of information security, and in the assessment of the technical and economic level and efficiency of the proposed and implemented organizational and technical solutions.
3.9. Determine the need for technical means of protection and control, draw up applications for their purchase with the necessary justifications and calculations, and control their delivery and use.
3.10. Check compliance with the requirements of intersectoral and industry regulatory documents on information security.

IV. Rights

The information security specialist has the right to:
4.1. Get acquainted with the draft decisions of the company's management relating to his activities.
4.2. Submit proposals for management's consideration on improving the work related to the duties stipulated in this instruction.
4.3. Receive from the heads of structural divisions the information and documents necessary for the performance of his official duties.
4.4. Involve specialists from all structural divisions of the enterprise in solving the tasks assigned to him (if this is provided for by the regulations on structural divisions; if not, with the permission of the head of the enterprise).
4.5. Require the management of the enterprise to assist in the performance of his duties and rights.

V. Responsibility

The information security specialist is responsible:
5.1. For failure to perform (improper performance of) his official duties set out in this job description, within the limits set by the labor legislation of the Russian Federation.
5.2. For offenses committed in the course of carrying out his activities, within the limits determined by the administrative, criminal and civil legislation of the Russian Federation.
5.3. For causing material damage, within the limits determined by the labor, criminal and civil legislation of the Russian Federation.

On ConsultantPlus, a rather amusing form of a job description for a specialist in ensuring information security in key information infrastructure systems unexpectedly turned up. As an unknown author says, "the form was prepared using legal acts as of 02/03/2014."

Interesting, but at times controversial (debatable) provisions. For those who deal with the topic of protecting KVO, it may be useful to look at the pointed moments; they follow.


1.1. This job description defines the functional duties, rights and responsibilities of an information security specialist in key information infrastructure systems of _______________ (hereinafter referred to as the Organization).

1.5. An information security specialist in key information infrastructure systems should know:

Laws and other regulatory legal acts of the Russian Federation regulating relations related to the protection of state secrets and other restricted information; regulatory and methodological documents on issues related to information security;

The management, communication and automation structure and the main elements of the Organization's key information infrastructure system;

Access control subsystems, attack detection subsystems, subsystems for protection against intentional influences, information integrity control;

The procedure for creating a secure channel between interacting objects through a public system using dedicated communication channels;

The procedure for performing authentication of interacting objects and verifying the identity of the sender and the integrity of the data transmitted through the public system;

Equipment of the Organization with basic and auxiliary technical means and systems, prospects for their development and modernization;

Prospects and directions for the development of methods and means of technical and software and hardware means of protecting information from destructive information influences;

The procedure for designing and certification of informatization objects; monitoring the effectiveness of information protection at informatization objects;

The procedure for monitoring the use of open radio communication channels;

Methods and tools for identifying threats to information security, methods for identifying information leakage channels;

Methods for conducting scientific research, development on the technical protection of information;

The procedure for examining key information infrastructure systems, drawing up inspection reports, test reports, instructions for the right to operate special means ensuring the security of information, as well as regulations, instructions and other organizational and administrative documents;

Powers on information security issues, the possibilities and procedure for using standard technical means of ensuring information security and monitoring their effectiveness;

Methods for analyzing the results of inspections, accounting for violations of information security requirements;

Methodology for preparing proposals, methods and means of performing computational work in the interests of planning, organizing and carrying out work to ensure the security of information and ensure state secrets;

Achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;

Methods for assessing the professional level of information security specialists, certification of specialists;

Basics of labor legislation;

Rules on labor protection and fire safety.

2. FUNCTIONAL RESPONSIBILITIES

Information security specialist in key information infrastructure systems:

2.1. Performs activities to ensure the security of information in key systems of the information infrastructure.

2.2. Identifies possible threats to information security and software and hardware vulnerabilities, develops intrusion detection technologies, and evaluates and reassesses the risks associated with threats of destructive information impacts that can damage systems and networks through unauthorized access to, disclosure, modification or destruction of information and information resources of control systems.

2.3. Defines restrictions on information input, procedures for managing security incidents and preventing their escalation, the procedure for connecting to open information systems taking into account the security requirements associated with agreements on access and resource prioritization, requirements for backup storage, processing and copying of information, and service priorities for the use of main and backup telecommunication services.

2.4. Develops procedures for protecting information carriers and communications and for restoring information and control systems after a failure or malfunction.

2.5. Carries out control over activities to ensure the security of information in key systems of the information infrastructure; informational, logistical and scientific and technical support of information security; monitoring the status of work to ensure the security of information in key systems of the information infrastructure and their compliance with the regulatory legal acts of the Russian Federation.

2.6. Gives feedback and opinions on projects of newly created and modernized facilities and other developments on the issues of ensuring information security in key information infrastructure systems.

2.7. Participates in the review of technical specifications for research and development work to ensure the security of information in key information infrastructure systems, assesses their compliance with current regulatory and methodological documents.

2.8. Participates in the implementation of new means of technical protection of information.

2.9. Promotes the dissemination of best practices in the Organization and the introduction of modern organizational and technical measures, means and methods for ensuring the security of information in key systems of the information infrastructure.

2.10. Conducts assessments of the technical and economic level and effectiveness of the proposed and implemented organizational and technical solutions to ensure the security of information in key information infrastructure systems.

2.11. Develops lists of personnel access to protected objects, procedures and rules for the behavior of employees, including when they are moved, dismissed and interact with personnel of third-party organizations.

2.12. Supervises and trains staff on how to act in crisis situations, including procedures for management and other persons responsible for key information infrastructure systems.

I. General provisions

1. For the position:

An information security specialist is appointed a person who has a higher professional (technical) education without presenting requirements for work experience;

Category II information security specialist - a person with a higher professional (technical) education and work experience in the position of an information security specialist or other positions filled by specialists with higher professional education for at least 3 years;

Information security specialist of category I - a person with a higher professional (technical) education and work experience as an information security specialist of category II for at least 3 years.

2. Appointment to the position of an information security specialist and dismissal from it is carried out by order of the director of the enterprise on the proposal of the head of the information security department.

3. The information security specialist must know:

3.1. Legislative acts, regulatory and methodological materials on issues related to information security.

3.2. Specialization of the enterprise and features of its activity.

3.3. Production technology in the industry.

3.4. Equipment of computing centers with technical means, prospects for their development and modernization.

3.5. The system of organization of complex protection of information operating in the industry.

3.6. Methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence.

3.7. Methods for planning and organizing work to protect information and ensure state secrets.

3.8. Technical means of control and protection of information, prospects and directions for their improvement.

3.9. Methods for conducting special studies and inspections, works to protect the technical means of transmission, processing, display and storage of information.

3.10. The procedure for using abstract and reference publications, as well as other sources of scientific and technical information.

3.11. Achievements of science and technology in the country and abroad in the field of technical intelligence and information protection.

3.12. Methods and means of performing calculations and computational work.

3.13. Fundamentals of economics, organization of production, labor and management.

3.14. Fundamentals of labor legislation.

3.15. Rules and norms of labor protection, safety measures, industrial sanitation and fire protection.

4. The information security specialist reports directly to (the head of the information security department; the public information security specialist).

5. During the absence of an information security specialist (vacation, illness, etc.), his duties are performed by a duly appointed person. This person acquires the appropriate rights and is responsible for the proper performance of the duties assigned to him.

II. Job Responsibilities

Information protection specialist:

1. Performs complex work related to ensuring the comprehensive protection of information based on the developed programs and methods, observing state secrets.

2. Collects and analyzes materials from institutions, organizations and enterprises of the industry in order to develop and make decisions and measures to ensure the protection of information and the effective use of automatic control tools, detect possible channels for leaking information representing state, military, official and commercial secrets.

3. Analyzes the existing methods and means used to control and protect information, and develops proposals for their improvement and increasing the effectiveness of this protection.

4. Participates in the examination of objects of protection, their certification and categorization.

5. Develops and prepares for approval draft regulatory and methodological materials governing the work on information protection, as well as regulations, instructions and other organizational and administrative documents.

6. Organizes the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.

7. Gives feedback and opinions on projects for newly built and reconstructed buildings and structures and other developments on issues of information security.

8. Participates in the review of technical specifications for design, draft, technical and working projects, ensures their compliance with current regulatory and methodological documents, as well as in the development of new circuit diagrams of control equipment, control automation tools, models and information security systems, assessment of the technical and economic the level and effectiveness of the proposed and implemented organizational and technical solutions.

9. Determines the need for technical means of protection and control, draws up applications for their purchase with the necessary justifications and calculations for them, controls their supply and use.

10. Checks compliance with the requirements of intersectoral and sectoral regulatory documents on information security.

III. Rights

The information security specialist has the right to:

1. Get acquainted with the draft decisions of the management of the enterprise regarding its activities.

2. Submit proposals to management on improving the work related to the duties provided for in this instruction.

3. Within the limits of his competence, inform his immediate supervisor of all shortcomings in the activities of the enterprise (its structural divisions) identified in the course of the performance of official duties and make proposals for their elimination.

4. To request personally or on behalf of his immediate supervisor from specialists of departments information and documents necessary for the performance of his official duties.

5. Involve specialists from all (individual) structural divisions in solving the tasks assigned to him (if this is provided for by the regulations on structural divisions; if not, then with the permission of their heads).

6. Require from his immediate supervisor, the management of the enterprise to assist in the performance of his duties and rights.

IV. Responsibility

The Information Security Specialist is responsible for:

1. For improper performance or non-performance of their official duties provided for by this job description - to the extent determined by the current labor legislation of the Russian Federation.

2. For offenses committed in the course of carrying out their activities - within the limits determined by the current administrative, criminal and civil legislation of the Russian Federation.

3. For causing material damage - within the limits determined by the current labor and civil legislation of the Russian Federation.

At modern enterprises, the information security system can fail and become vulnerable, which entails large financial losses. The profession of "information protection specialist" includes in its scope of duties restricting access by unauthorized persons and observing other necessary measures.

Job responsibilities of a specialist

Enterprises are turning to technology to ensure the security of information. For this, the most important materials are encrypted. Moreover, it is not the system administrator who holds the password and the key to access them, but the security service. Business units exchange information over encrypted channels. Information located in mail systems or business applications is protected by special systems that protect against leaks. But in addition to technical methods, it is also important

Graduates of universities who have received the profession of "information security specialist" sometimes incorrectly rely only on their own strengths and acquired knowledge. In practice, they have to enlist the support of all employees of the organization and study the resources of the information system entrusted to them. The specialist is obliged to create models of the expected threats and anticipate possible information leaks. To do this, he must know the objective value of the commercial information and the characteristics of the local network, computers and connected equipment. At the same time, the information security specialist is obliged to monitor the status of the software, updates and operating systems installed on office computers. His area of interest also includes a detailed study of the job descriptions of the organization's employees; this is necessary to assess and identify a potential violator.

You need to know that information, as a rule, must be prepared and processed before expert judgment can be applied to it. With the help of the approval list, responsibility for the quality of the document being developed is distributed among the experts. Meetings on individual issues with the head of the enterprise are very useful. As a rule, an information security specialist is included in various commissions related to the protection of information and personal data.

It is important that the information security specialist coordinates his actions with the security service. These two structures are inseparable and complement each other. After all, the means used by the security of the enterprise - access control, alarm, video surveillance - serve to protect information. Data that is in security systems, such as a database of passes, video surveillance records, must be protected from

With lawyers, an information security engineer communicates just as closely as with information technology specialists. They can provide invaluable assistance in legal coverage of issues, suggest how to understand individual articles of laws.

Legal basis question

Business information security professionals rely on the federal law adopted in 1995. Changes were made in 2003. It regulates the main relationships that arise during the creation, storage and distribution

The job responsibilities of a specialist described in this material allow us to conclude that information protection is a set of actions to identify it, collect it, expert assessment and ensure confidentiality, which excludes its leakage.

We bring to your attention a typical example of a job description for a chief information security specialist, a 2019 sample. It should include the following sections: general provisions, duties of the chief information security specialist, rights of the chief information security specialist, responsibility of the chief information security specialist.

The job description of the chief information security specialist belongs to the section "Industry-wide qualification characteristics of positions of employees employed at enterprises, institutions and organizations".

The job description of the chief information security officer should reflect the following items:

Responsibilities of the Chief Information Security Specialist

1) Job responsibilities. Manages the implementation of work on the comprehensive protection of information in the industry, enterprise, institution or organization, ensuring the effective application of all available organizational and engineering measures in order to protect information constituting a state secret. Participates in the development of technical policy and in determining the prospects for the development of technical means of control; organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly impede unauthorized access to official information constituting a state or commercial secret. Participates in the review of technical specifications for product designs and research and development work that are subject to protection, and monitors the inclusion in them of the requirements of regulatory, technical and methodological documents on information security and the fulfillment of these requirements. Prepares proposals for inclusion in plans and work programs of organizational and engineering measures to protect information systems. Participates in the development of secure information technologies meeting the requirements of comprehensive information protection. Organizes scientific research work in the field of improving information security systems and increasing their efficiency. Performs the whole complex (including especially complex) of work related to the control and protection of information, based on the developed programs and methods. Organizes the collection and analysis of materials on possible channels of information leakage, including technical channels, in the course of research and development related to the creation and production of special products necessary for work on ensuring the protection of information. Ensures the coordination of ongoing organizational and technical measures, the development of methodological and regulatory materials, and the provision of the necessary methodological assistance in carrying out work on protecting information and in evaluating the technical and economic efficiency of the proposed and implemented organizational and technical solutions. Organizes work on the collection and systematization of the necessary information about the objects to be protected and the protected information, and provides methodological guidance and control over the work on assessing the technical and economic level and effectiveness of the developed information protection measures. Leads the work on summarizing data on the need for technical and software-mathematical means of protecting information and control equipment, drawing up applications for the manufacture of these means, and organizing their receipt and distribution among the objects of protection. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase its effectiveness. Ensures control over compliance with the requirements of regulatory and technical documentation, with the established procedure for the performance of work, and with current legislation when resolving issues related to the protection of information. Coordinates the activities of departments and specialists in information security in the industry, at the enterprise, and in the institution or organization.

The Chief Information Security Officer should know

2) The chief information security specialist, in the performance of his duties, must know: legislative and regulatory legal acts on state secrets; documents defining the main directions of economic and social development of the industry; regulatory and methodological materials on issues related to information security; prospects for development, specialization and activities of the institution, organization, enterprise and their divisions; the nature of interaction between departments in the process of research and development and the procedure for passing official information; the system for organizing comprehensive information protection operating in the industry, institution, organization or enterprise; prospects and directions of development of technical and software-mathematical means of information protection; methods and means of controlling protected information, identifying information leakage channels, and organizing technical intelligence; methods of planning and organizing scientific research, development, and the performance of work on information protection; the procedure for concluding contracts for the conduct of special studies and inspections, and work on the protection of technical means of transmission, processing, display and storage of information; domestic and foreign experience in the field of technical intelligence and information protection; fundamentals of economics, organization of production, labor and management; labor protection rules and regulations.

Requirements for the qualification of the chief information security specialist

3) Qualification requirements. Higher professional (technical) education and work experience in information security for at least 5 years.

1. General Provisions

1. The chief information security officer belongs to the category of managers.

2. A person with a higher professional (technical) education and at least 5 years of work experience in information security is accepted as the chief information security specialist.

3. The chief information security specialist is hired and dismissed by ________ (director, manager) of the organization on the submission of ________ (position).

4. The chief information security officer must know:

  • legislative and regulatory legal acts on state secrets;
  • documents defining the main directions of economic and social development of the industry;
  • regulatory and methodological materials on issues related to information security;
  • prospects for development, specialization and activities of the institution, organization, enterprise and their divisions;
  • the nature of interaction between departments in the process of research and development and the procedure for passing official information;
  • a system for organizing complex information protection, operating in the industry, institution, organization, enterprise;
  • prospects and directions of development of technical and software-mathematical means of information protection;
  • methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence;
  • methods of planning and organization of scientific research, development, performance of work on information protection;
  • the procedure for concluding contracts for the conduct of special studies and inspections, work on the protection of technical means of transmission, processing, display and storage of information;
  • domestic and foreign experience in the field of technical intelligence and information protection;
  • fundamentals of economics, organization of production, labor and management; labor protection rules and regulations.

5. In his activities, the chief information security specialist is guided by:

  • the legislation of the Russian Federation,
  • the charter (regulations) of the organization,
  • orders and instructions of ________ (CEO, director, leader) of the organization,
  • this job description,
  • the internal labor regulations of the organization.

6. The chief information security specialist reports directly to: ________ (position).

7. During the absence of the chief information security specialist (business trip, vacation, illness, etc.), his duties are performed by a person appointed by ________ (position) of the organization in the prescribed manner, who acquires the corresponding rights and duties and is responsible for the performance of the duties assigned to him.

2. Job responsibilities of the chief information security specialist

Chief Information Security Specialist:

1. Manages the implementation of work on the comprehensive protection of information in the industry, enterprise, institution, organization, ensuring the effective application of all available organizational and engineering measures in order to protect information constituting a state secret.

2. Participates in the development of technical policy and determination of prospects for the development of technical means of control, organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly hinder unauthorized access to official information constituting a state or commercial secret.

3. Participates in the review of technical specifications for product designs, research and development work to be protected, monitors the inclusion in them of the requirements of normative-technical and methodological documents on information security and the fulfillment of these requirements.

4. Prepares proposals for inclusion in the plans and work programs of organizational and engineering measures to protect information systems.

5. Participates in the creation of secure information technologies that meet the requirements of comprehensive information protection.

6. Organizes research work in the field of improving information security systems and increasing their efficiency.

7. Performs the whole range of work (including especially complex work) related to the control and protection of information, based on the developed programs and methods.

8. Organizes the collection and analysis of materials on possible channels of information leakage, including technical channels, in the course of research and development related to the creation and production of special products needed for information protection work.

9. Ensures the coordination of ongoing organizational and technical measures, the development of methodological and regulatory materials, the provision of the necessary methodological assistance in carrying out information protection work, and the assessment of the technical and economic efficiency of the proposed and implemented organizational and technical solutions.

10. Organizes the work on collecting and systematizing the necessary information about the objects to be protected and protected information, provides methodological guidance and control over the work on assessing the technical and economic level and the effectiveness of the developed information protection measures.

11. Leads the work on summarizing data on the need for technical and software-mathematical means of information protection and control equipment, drawing up requests for the manufacture of these means, and organizing their receipt and distribution among the objects of protection.

12. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase its effectiveness.

13. Provides control over compliance with the requirements of regulatory and technical documentation, compliance with the established procedure for performing work, as well as the current legislation when resolving issues related to information protection.

14. Coordinates the activities of departments and information security specialists in the industry, at the enterprise, in the institution, organization.

3. Rights of the Chief Information Security Officer

The Chief Information Security Officer has the right to:

1. Submit proposals for management consideration:

  • on improving the work related to the duties provided for in this instruction,
  • on rewarding distinguished workers subordinate to him,
  • on holding workers who violated production and labor discipline financially and disciplinarily liable.

2. Request from the structural divisions and employees of the organization the information he needs to perform his duties.

3. Get acquainted with the documents that define his rights and obligations in his position, the criteria for assessing the quality of performance of official duties.

4. Get acquainted with the draft decisions of the organization's management regarding his activities.

5. Require the management of the organization to provide assistance, including the provision of the organizational and technical conditions and the preparation of the established documents necessary for the performance of his official duties.

6. Other rights established by the current labor legislation.

4. Responsibilities of the Chief Information Security Officer

The Chief Information Security Officer is responsible for the following:

1. For improper performance or non-performance of his official duties provided for by this job description - within the limits established by the labor legislation of the Russian Federation.

2. For offenses committed in the course of his activities - within the limits established by the current administrative, criminal and civil legislation of the Russian Federation.

3. For causing material damage to the organization - within the limits established by the current labor and civil legislation of the Russian Federation.
Job description of the chief information security specialist - sample 2019. Job responsibilities of the chief information security specialist, rights of the chief information security specialist, responsibility of the chief information security specialist.