/ / Information security specialist - requirements for the profession

Information security specialist - requirements for the profession

At modern enterprises the systeminformation security can fail and become vulnerable, which entails large financial losses. The profession of "information security specialist" includes in the scope of official duties the restriction of access to unauthorized persons and the observance of other necessary measures.

Professional duties of a specialist

Enterprises resort to technology,allowing to ensure the safety of information. To do this, the most important materials are encrypted. And the password and the key for access to them is not the system administrator, but the security service. Business units exchange information via encrypted channels. Information stored in mail systems or business applications is protected by special systems that protect against leaks. But apart from technical techniques, the human factor is also important.

Graduates of higher education institutions who received a profession"an expert in the protection of information," sometimes incorrectly rely only on his strength and knowledge. In practice, they have to enlist the support of all employees of the organization and study the resources of the information system entrusted to them. The specialist is obliged to create models of alleged threats and to anticipate possible leakage of information. To do this, he must know the objective value of commercial information, the characteristics of the local network, computers and connected equipment. In this case, an information security specialist is required to monitor the status of software, updates and operating systems installed on service computers. His sphere of interest includes a detailed study of the job descriptions of the organization's employees, this is necessary to assess and identify a likely violator.

It is necessary to know that information, as a rule,must be prepared and processed in order to apply expert judgment to it. With the help of the approval sheet, the responsibility for the quality of the document being developed is shared among expert experts. Very useful meetings are held on individual issues with the head of the enterprise. Typically, an information security specialist is included in various commissions dealing with the protection of information and personal data.

To create a mode of commercial secrecy, amongemployees of the enterprise distribute special questionnaires. Their filling helps to get expert assessments of a lawyer, an accountant, a personnel officer and other employees of the organization. As a result, a list of confidential information is compiled.

It is important that a specialist engaged in protectioninformation, coordinated their actions with the security service. These two structures are inseparable and complementary. After all, the means used by enterprise security - throughput, signaling, video surveillance - serve to protect information. Data that is in security systems, such as a pass database, video surveillance records, must be protected from unauthorized access.

With lawyers, an information security engineer communicatesas densely as with information technology specialists. They can provide invaluable assistance in the legal coverage of issues, prompt how to understand individual articles of laws.

Legal basis of the question

Specialists involved in the protection of information insphere of business, rely in their work on the Federal Law, adopted in 1995. Changes were made in 2003. It regulates the basic relations that arise during the creation, storage and distribution of information resources.

The official duties of a specialist described ingiven the material, allow us to conclude that the protection of information is a set of actions for its identification, collection, peer review and ensuring confidentiality, excluding its leakage.