In today's world the concept of "information security policy" can be interpreted as a broad and in a narrow sense.As to the first, broader meaning, it refers to a comprehensive system of decisions taken some kind of organization that is officially documented and are aimed at ensuring the safety of the enterprise.In the narrow sense of this notion lies the local paper, which stipulated requirements for the safety system of the measure, the responsibility of employees and control mechanism.
comprehensive information security policy is a guarantee of stable operation of any company.Comprehensiveness is its reasonableness and balance the degree of protection, and the development of proper measures and controls in the case of any violations.
All organizational methods play an important role in creating a robust information protection schemes because the illegal use of the information is a result of malicious acts, negligence of staff, rather than technical problems.To achieve a good result you need a complex interaction of organizational, legal and technical measures to exclude any unauthorized access to the system.
Information security - a guarantee of quiet work the company and its stable development.However, based on the construction of high-quality security system should be based on the answers to these questions:
-
What data system, and what the severity of protection required?
-
Who is able to harm the company by means of a violation of information system and who can use the information obtained?
-
How can we reduce this risk to a minimum without compromising the well-coordinated work of the organization?
concept of information security, thus should be developed individually for a particular company and in accordance with its interests.The main role in its quality characteristics play arrangements, which include:
-
Organization established system of access control.This is done to avoid secret and unauthorized entry into the territory of other persons, as well as control over the personnel of the organization stay in the room and the time of his departure.
-
work with the staff.Its essence lies in the organization of interaction with staff recruitment.Yet it is important to familiarize with them, training and learning the rules of working with information that employees know the scope of its secrecy.
-
Information Security Policy also provides a structured use of technical means aimed at accumulation, collection and storage of information, increased confidentiality.
-
Carrying out activities aimed at control of the personnel in terms of its use of classified information and the development of measures to ensure its protection.
The costs of this policy shall not exceed the amount of potential damage, which will be received as a result of its loss.
information security policy should pay considerable attention to the processing of information by automated systems: regardless of operating computers and local area networks.It is necessary to correctly determine the security of servers, gateways, as well as rules on the use of removable storage media.
information security policy and its effectiveness depends on the number of claims presented to it by the companies that reduce the risk to the desired value.