Information Security Officer
Officers involved in the protection of information providing a more voluminous duties compared with the administrator or manager, working in the same direction at a private company. This is due to the protection of state secrets and work in secrecy. Most often these are military and government employees. However, such a position can also be found in business. It all depends on what "name" the leadership will give the job.
The essence of the work
Regardless of the name of the position, the work of a specialist is directly related to ensuring the safety of classified information. And it doesn't matter whether a person works as a separate staff unit or as part of a structural unit.
Among the skills are welcomed:
- the ability to get along with people - interaction with all departments and departments of the enterprise;
- experience in introducing new means and methods of information protection;
- knowledge in the field of IT technologies and physical security of personnel, premises and territories of the organization;
- legal literacy - knowledge of the legal basis of information protection;
- theoretical and practical skills of cryptography;
- experience in system administration;
- knowledge of international information security standards;
- the ability to predict possible threats;
- knowledge of English.
An information security candidate must know more than just computer technology. But also the legislation in the field of information security, the procedure for organizing the protection of territory and premises. It's not enough to be a computer genius, you also need to have social skills. To be able to motivate people to work for the good of the company, and not to arrange sabotage, to disseminate classified data.
The essence of the work of specialists:
- classification of sensitive information, prioritizing security and differentiating access to it;
- development of internal information security regulations and security policies;
- maintenance and modification of the automated information system;
- control over the fulfillment of the requirements of the IS service by personnel when working with classified information, conducting briefings;
- search and elimination of information leakage channels;
- implementation of cryptographic protection of information;
- verification of the personnel of third-party companies performing any work related to the organization's software;
- implementation and control of the use of new methods and means of data protection;
- work with ready-made documents in the field of information security, development of new ones if necessary;
- organization of a regime of access to classified information, including state secrets, for authorized users at any time they need;
- organization of a secrecy regime when carrying out any work with information that is a state secret;
- record keeping within the powers of the information security service;
- interaction with regulatory authorities.
In order to protect information, citizens of the Russian Federation liable for military service are prohibited from using social networks due to the risk of spreading classified information in the process of communicating and publishing personal data (information about oneself, photographs and videos).
This is a general list of job responsibilities for an information security officer. In practice, the set of tasks depends on the size of the enterprise or institution and the specifics of its work.