On the other side of the screen: information guard

At work, I often attend events and be trained in information security and countering foreign technical intelligence services. Today, special attention is paid to this direction and different situations are simulated. However, of particular interest is the possibility of live communication with representatives of organizations from various sectors of the economy.

Often piquancy is added by that it is possible to appear in an environment absolutely various professionals holding a wide range of positions, not always obviously indicating their belonging to a caste of guards of information. Today I want to tell you about this direction and to stop at work of each of them.

Information-the very point of support, with which you can turn the world.

Classically, the information security of the organization is the responsibility of the information security engineer and information security specialist. One is assigned to the technical side of the issue, and the second closes questions on the regulatory framework and oversees user activity, considering deviations in behavior, analyzing risks and making decisions based on incoming data. In most cases, these positions are combined and can be called information security officer.

For a person from the outside, this work may seem boring and not interesting - constant digging in policies, setting access rights, monitoring and development of teaching materials. I want to assure you that in fact, this person processes the largest amount of information in your company, engaged in monitoring the channels through which it circulates. The more personal information you enter into your work PC and smartphone, the faster increases your virtual dossier.

In the workplace, you should never enter or accept information that is critical to you and you would not want to share it with someone. Passwords from mobile banks, social networks and email services. By entering them once, you automatically provide them to the employer. Therefore, in case of moving to another place, I recommend to update all passwords immediately. Of course, no one will run to cash out your Bank account or send spam to friends on your behalf, but to leave the access keys where you do not have contractual obligations, in my opinion it is not desirable.

Existing DLP systems, and similar devices, allow on-the-fly to analyze all events and to inform the specialists, just about the most important, according to the chosen scenario.

Leakage prevention (eng. Data Leak Prevention (DLP)-technologies to prevent leakage of confidential information from the information system to the outside, as well as technical devices (software or hardware) to prevent such leakage.
DLP-systems are based on the analysis of data flows crossing the perimeter of the protected information system. When detecting confidential information in this stream, the active component of the system is triggered, and the message (packet, stream, session) is blocked.

For secondary functionality, it is an excellent tool for monitoring the employee's working time. Therefore, one should not hope that the employer is not motivated in the control of human resources. This is an opportunity to optimize the wage fund, whereas inside attacks or leaks are quite rare, and for the most part they catch people engaged in part-time job on the side in your free time. I happened to chat with the staff, where jobs are in monitors are always present camera, through which the officers keep an eye on suspicious employees.

Despite the possible strict control, the security officer may have hands tied, due to the peculiarities of the legislation. Despite the fact that the automated workplace belongs to the employer, the mystery of personal correspondence does not allow to fully work with violators. Of course, each experienced specialist will have a set of tricks, in order to catch the hand, but usually it ends in a private conversation, after which an unscrupulous employee writes a statement of his own free will.

Under the new legislation, a number of significant changes are taking effect.

The Federal law N 187-FZ "On safety of critical information infrastructure of the Russian Federation" is the first case in Russia when the law covering the widest range of branches at the same time comes into force (the banking sphere, communication, health care, science, industry, etc.). This is the first precedent when the law not only gives regulatory recommendations, but also obligates to be protected from computer attacks, introduces assessment of requirements and mechanisms of protection of critical information systems.
The implementation of the law will be regulated by the FSTEC of Russia, which establishes security requirements and verifies their implementation, and the FSB of Russia, whose powers include assessing the real security of information systems, conducting investigations of computer attacks (when they affect the interests of the state), assistance in responding to attacks, i.e. developing approaches to protection against fundamentally new attacks. The law also provides for criminal liability for the owner of an insufficiently protected information system.

In organizations engaged in work requiring the processing of information containing state secrets, you can meet a specialist in PD ITR and TZI (counter foreign technical intelligence and technical protection of information). This is a narrower specialization, requires not only a deep knowledge of the regulatory framework and technical tools, but also implies certain obligations in connection with the admission to this information. In addition to the organization of work, you will be supervised by the relevant authorities. The work is not always interesting, but quite responsible. Holding this position, you become a part of the information Board of the country. The main interest is to government institutions.

An interesting solution was the launch of the state Document project State system of detection, prevention and elimination of consequences of computer attacks, which combines the interests of the state and private investments

A new concept for the Russian market, "privately-state " partnership in the field of security. This scheme involves the existence of public or private systems that need to be protected.
At the head of the scheme is the state represented by 8 security center of the FSB of Russia, which is responsible for the functioning of the state system, and there is a variety of corporate and departmental centers to respond to computer attacks. As a result, the national protection of information systems is distributed between the state and commercial companies. Thus there is the possibility to implement the outsourcing of information security. Eventually the system of interconnected subjects is created: the defending systems, the state Document, the state. System Goscope and the requirements of the law No. 187-FZ does not guarantee that the system will be impossible to hack, but the implementation of these requirements and establishment of centres Goscope will allow you to eliminate 90% of primitive attacks, allow you to concentrate on high-level.

Unexpectedly, this sample includes representatives of the PR departments. Which today play an important role in rapid steps in case of leakage of undesirable information in the media. Their purpose not only competently and quickly to organize work on attenuation of distribution, but also creation of more important information occasion, for drawing attention. This work is very important not only in terms of competition, but also influence on the image of the company. Personal contacts and contacts with representatives of information platforms, where this information can be found, can be a good guarantee of success.

Today, it is impossible to underestimate the importance of information and methods for its preservation. Of course, its preservation has become a critical area, regardless of the size and direction of the organization. Only effective work of the entire chain of specialists and structural units can reduce the risks of attack and the consequences of loss of information.