How to organize information security of the organization?
Hello!
Dear all, please share information about the information security of a company operating in the service sector (about 10-20 computers). I am interested in goals, objectives and everything related to the information security department.
I would be glad for any information about protecting the network and organizing data storage on my own server, protecting data from leakage and outside access.
PS The only thing I know from my friends is the primitive “tear out disk drives, USB ports, turn off the Internet, install an antivirus”
PPS I got acquainted with this document, but I would like to get more accessible information from those who are connected with this.
Thanks in advance!
I propose to go wider:
- first you need to understand what to protect: information - personal data, trade secrets, infrastructure. Here it is better to start with the basic federal laws - on personal data, on CT, on information.
- then you can refer to the GOSTs and the requirements of regulators (FSTEC, Roskomnadzor) - get a general idea of information security and what government agencies want from you. You will draw best practices from the standards (series 27001, NIST SP 800), FSTEC documents (in relation to PD) - order 21, threat model, Government Decree 1119.
- well, then look at what is relevant for you and start to close with technical means and organizational measures.
It turned out chaotically - but I think I conveyed the general idea.