Information Security Administrator
And nformatsionnaya security of any company plays an important role in ensuring its effective and profitable operations. The duties of the information security administrator include organizing the protection of personal data and information related to commercial secrets. The administrator is an employee of the information security service of the enterprise. All software and hardware means of information protection are at his disposal.
The administrator's instruction, defining his rights and functions, was developed in accordance with the requirements of state regulatory documents.
The task of the IS administrator is to control the effectiveness of information protection, the use of the necessary software and hardware security tools.
The administrator functions are:
1. Verification of compliance with safety rules when working with classified information processed on computers and with the help of electronic computing equipment;
2. Accounting for personal data of employees who have access to the information system (registration or deletion of user accounts);
3. Delimitation of personnel access to certain types of information, making the necessary adjustments;
4. Issuance of electronic and paper carriers with classified information;
5. Providing periodic change of passwords for entering the system;
6. Control over compliance with job descriptions, as well as rules for printing, registration and accounting of classified documents and materials;
7. Checking the information remaining on the hard disks of the PC at the end of the work of employees, ensuring the current anti-virus protection;
8. Creation and issuance of electronic keys for entering the information security system and access to classified information within the established restrictions;
9. Checking the integrity of seals and protective signs on the body of personal electronic devices. Monitoring their opening and typing during setup or repair.
The person responsible for the security of information has the right to require personnel to comply with the established standards for working with classified materials and their safe storage. He participates in the investigation of the facts of penetration of strangers into the data processing system, obtaining unauthorized access to classified information.
This employee has the right to suspend the processing of classified information in the following cases:
- in case of violation of safety rules by personnel, as well as in the event of a failure in the operation of software and hardware for information protection;
- at the end of the validity period of the certificates of the FSB or FSTEC of the Russian Federation for the compliance of hardware with security requirements;
- upon detection of attempts to conduct technical intelligence in the information security system.
The IS administrator is responsible for ensuring reliable protection and security of information, the disclosure of which threatens the company with losses or loss of reputation. He is responsible for the availability and serviceability of software and hardware, their compliance with state certificates. His responsibilities include timely software updates, control over the procedure for processing and storing classified materials. He must promptly respond to the emergence of risks of information leakage, participate in the investigation of violations of security rules.
For companies that do not yet have an information security service, there is an alternative solution - an information security outsourcing service , which includes the installation and maintenance of special software.