Answer the question
In order to leave comments, you need to log in
How is Critical Infrastructure compiled?
Good afternoon, I wanted to know how to identify in a medical organization:
- all the processes that the organization performs (Managerial, Technological, financial, economic, production) and make a complete list?
-To identify the critical ones from all the processes?
-Listing critical processes?
For example, a medical enterprise.
We have the Internet, LAN, 1C, Video surveillance, the Glonass system for cars, what can be listed and how to arrange it correctly, maybe there is a link?
Answer the question
In order to leave comments, you need to log in
You probably received an order from above. If it is true. That in a reasonable way, such a problem is not solved.
The solution path is as follows.
We take departmental instructions and laws, build a "semantic graph" for "critical infrastructure", superimpose it on departmental instructions related to your institution and on your internal regulations. Unravel this hellish tangle. After that, you will have what and according to what laws you owe to whom and what belongs to the "critical" infrastructure.
People have been practicing for years in similar crocheting, this task is not solved at once, and even in such a way that it turns out that no money is needed and no one has been set up.
We start by reading the legislation related to CII - there is not much there. We are looking for all sorts of secondary documents, if I'm not mistaken, there was something about how CII is classified.
Here is a small list:
FZ-187
Decree of the Government of the Russian Federation No. 127 dated February 8, 2018 On approval of the rules for categorizing critical information infrastructure objects
FSTEC Order No. 239, as amended on February 20, 2020 On approval of the Requirements for ensuring the security of significant objects of critical information infrastructure
Information letter FSTEC dated April 17, 2020 "On the provision of lists of objects of critical information infrastructure to be categorized"
Decree of the President of the Russian Federation of March 30, 22 No. 166
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question