Job description of a specialist in ensuring information security in key information infrastructure systems. Job description of the leading specialist of the information security department. Job description for information security.

Out on ConsultantPlus, a rather amusing form of a job description for a specialist in ensuring information security in key information infrastructure systems unexpectedly turned up. As its unknown author says, "the form was prepared using legal acts as of 02/03/2014."

Its provisions are interesting, but at times controversial (debatable). For those who deal with the topic of protecting KVO, it may be useful to look through the sharp points; they follow below.


1.1. This job description defines the functional duties, rights and responsibility of an information security specialist in key information infrastructure systems of _______________ (hereinafter referred to as the Organization).

1.5. An information security specialist in key information infrastructure systems should know:

Laws and other normative legal acts of the Russian Federation governing relations related to the protection of state secrets and other restricted information; regulatory and methodological documents on issues related to information security;

The management, communication and automation structure and the main elements of the Organization's key information infrastructure system;

Access control subsystems, attack detection subsystems, subsystems for protection against intentional influences, information integrity control;

The procedure for creating a secure channel between interacting objects through a public system using dedicated communication channels;

The procedure for performing authentication of interacting objects and verifying the identity of the sender and the integrity of the data transmitted through the public system;

Equipment of the Organization with basic and auxiliary technical means and systems, prospects for their development and modernization;

Prospects and directions for the development of methods and means of technical and software and hardware information protection from destructive information influences;

The procedure for designing and certification of informatization objects; monitoring the effectiveness of information protection at informatization objects;

The procedure for monitoring the use of open radio communication channels;

Methods and tools for identifying threats to information security, methods for identifying information leakage channels;

Methods for conducting scientific research, development on the technical protection of information;

The procedure for examining key information infrastructure systems, drawing up inspection reports, test reports, instructions for the right to operate special means ensuring the security of information, as well as regulations, instructions and other organizational and administrative documents;

Powers to ensure the security of information, the possibilities and procedure for the use of staff technical means ensuring the security of information and monitoring their effectiveness;

Methods for analyzing the results of inspections, accounting for violations of information security requirements;

Methodology for preparing proposals, and methods and means of performing computational work in the interests of planning, organizing and carrying out work to ensure the security of information and protect state secrets;

Achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;

Methods for assessing the professional level of information security specialists, and certification of specialists;

Fundamentals of labor law;

Rules on labor protection and fire safety.

2. FUNCTIONAL RESPONSIBILITIES

Information security specialist in key information infrastructure systems:

2.1. Performs activities to ensure the security of information in key systems of the information infrastructure.

2.2. Identifies possible threats to information security and software and hardware vulnerabilities, develops intrusion detection technologies, and evaluates and reassesses the risks associated with threats of destructive information impacts that can damage systems and networks through unauthorized access to, disclosure, modification or destruction of the information and information resources of control systems.

2.3. Defines restrictions on information input, procedures for managing security incidents and preventing their development, the procedure for connecting to open information systems, taking into account security associated with agreements on access and resource prioritization, requirements for backup storage, processing and copying information, service priorities for use of main and backup telecommunication services (services).

2.4. Develops procedures for protecting information carriers and communications, and for restoring information and control systems after a failure or malfunction.

2.5. Carries out control over activities to ensure the security of information in key systems of the information infrastructure; informational, logistical and scientific and technical support of information security; monitoring the status of work to ensure the security of information in key systems of the information infrastructure and their compliance with the regulatory legal acts of the Russian Federation.

2.6. Gives feedback and opinions on projects of newly created and modernized facilities and other developments on the issues of ensuring information security in key information infrastructure systems.

2.7. Participates in the review of terms of reference for research and development work on ensuring the security of information in key systems of the information infrastructure, and evaluates their compliance with current regulatory and methodological documents.

2.8. Participates in the implementation of new means of technical protection of information.

2.9. Promotes the dissemination of best practices in the Organization and the introduction of modern organizational and technical measures, means and methods for ensuring the security of information in key systems of the information infrastructure.

2.10. Conducts assessments of the technical and economic level and effectiveness of the proposed and implemented organizational and technical solutions to ensure the security of information in key information infrastructure systems.

2.11. Develops lists of personnel access to protected objects, procedures and rules for the behavior of employees, including when they are moved, dismissed and interact with personnel of third-party organizations.

2.12. Supervises and trains personnel to act in crisis situations, including the procedure for the actions of managers and other responsible persons of key information infrastructure systems.


Collection of job descriptions

Approximate form

I approve

___________________________________        ___________________________ (initials, surname)
(name of organization, enterprise,         (director or other executive authorized
etc., its legal form)                      to approve the job description)

"__" ____________ 20__

Job description
information security specialist

______________________________________________
(name of organization, enterprise, etc.)

"__" ______________ 20__ N_________

This job description has been developed and approved on the basis of the employment contract with __________________________________________ (name of the position of the person for whom this job description has been drawn up) and in accordance with the provisions of the Labor Code of the Russian Federation and other regulatory acts governing labor relations in the Russian Federation.

I. General provisions

1.1. The information security specialist belongs to the category of specialists and is hired for and dismissed from the position by order of the head of the enterprise on the proposal of the head of the information protection department.
1.2. A person with a higher professional (technical) education and at least ______ years of work experience as an information security specialist of category II is appointed to the position of information security specialist of category I; a person with a higher professional (technical) education and at least _________ years of work experience as an information security specialist or in other positions filled by specialists with higher professional education is appointed to the position of information security specialist of category II; a person with a higher professional (technical) education is appointed to the position of information security specialist, without requirements for work experience.
1.3. The information security specialist reports directly to ________________________________________________________________________.
1.4. In his work, the information security specialist is guided by:
- legislative and regulatory documents on ensuring the protection of information;
- methodological materials on relevant issues;
- the charter of the enterprise;
- the internal labor regulations;
- orders and instructions of the director of the enterprise (immediate supervisor);
- this job description.
1.5. The information security specialist should know:
- legislative acts, regulatory and methodological materials on issues related to ensuring the protection of information;
- the specialization of the enterprise and the features of its activity;
- production technology in the industry;
- the equipment of computer centers with technical means, and prospects for their development and modernization;
- the system for organizing comprehensive information protection in force in the industry;
- methods and means of monitoring protected information, identifying information leakage channels, and organizing technical intelligence;
- methods of planning and organizing work on the protection of information and the safeguarding of state secrets;
- technical means of control and protection of information, and prospects and directions for their improvement;
- methods for conducting special studies and inspections, and work on protecting technical means of transmitting, processing, displaying and storing information;
- the procedure for using abstract, reference and information publications, as well as other sources of scientific and technical information;
- achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;
- methods and means of performing calculations and computational work;
- fundamentals of economics, the organization of production, labor and management;
- fundamentals of the labor legislation of the Russian Federation;
- rules and regulations of labor protection, safety measures, industrial sanitation and fire protection;
- _________________________________________________________________.
1.6. During the absence of the information security specialist (business trip, vacation, illness, etc.), his duties are performed by a person appointed in the prescribed manner. This person acquires the corresponding rights and is responsible for the proper performance of the duties assigned to him.

II. Functions

The information security specialist performs the following functions:
2.1. Ensuring comprehensive information protection and the observance of state secrets.
2.2. Participation in the survey, certification and categorization of objects of protection.
2.3. Development of organizational and administrative documents regulating work on the protection of information.
2.4. Determining the need for technical means of protection and control.
2.5. Verifying compliance with the requirements of regulatory documents on the protection of information.

III. Job Responsibilities

In order to perform the functions assigned to him, the information security specialist must:
3.1. Perform complex work related to ensuring comprehensive information protection on the basis of the developed programs and methods, and the observance of state secrets.
3.2. Collect and analyze materials from institutions, organizations and enterprises of the industry in order to develop and adopt decisions and measures to ensure the protection of information and the effective use of automatic control tools, and to detect possible channels of leakage of information constituting state, military, official and commercial secrets.
3.3. Analyze the existing methods and means used to control and protect information, and develop proposals for their improvement and for increasing the effectiveness of this protection.
3.4. Participate in the inspection of objects of protection, their certification and categorization.
3.5. Develop and prepare for approval draft regulatory and methodological materials regulating work on information protection, as well as regulations, instructions and other organizational and administrative documents.
3.6. Organize the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.
3.7. Give feedback and opinions on projects of newly built and reconstructed buildings and structures and other developments on issues of ensuring the protection of information.
3.8. Participate in the review of technical specifications for design, draft, technical and working projects, ensure their compliance with applicable regulatory and methodological documents, and participate in the development of new circuit diagrams of control equipment, control automation tools, and models and systems of information security, and in assessing the technical and economic level and effectiveness of the proposed and implemented organizational and technical solutions.
3.9. Determine the need for technical means of protection and control, draw up applications for their purchase with the necessary justifications and calculations, and control their delivery and use.
3.10. Check compliance with the requirements of intersectoral and industry regulatory documents on information security.

IV. Rights

The information security specialist has the right to:
4.1. Get acquainted with the draft decisions of the enterprise's management relating to his activities.
4.2. Submit for management's consideration proposals for improving the work related to the duties provided for by this job description.
4.3. Receive from the heads of structural divisions the information and documents necessary for the performance of his official duties.
4.4. Involve specialists from all structural divisions of the enterprise in solving the tasks assigned to him (if this is provided for by the regulations on the structural divisions; if not, with the permission of the head of the enterprise).
4.5. Require the management of the enterprise to assist in the performance of his duties and the exercise of his rights.

V. Responsibility

The information security specialist is responsible:
5.1. For failure to perform (improper performance of) the official duties set out in this job description, within the limits determined by the labor legislation of the Russian Federation.
5.2. For offenses committed in the course of carrying out his activities, within the limits determined by the administrative, criminal and civil legislation of the Russian Federation.
5.3. For causing material damage, within the limits determined by the labor, criminal and civil legislation of the Russian Federation.

The job description was developed in accordance with ________________ _____________________________ (name, number and date of the document).

Head of structural subdivision      _________________________      (initials, surname)
                                    (signature)

"__" _____________ 20__

Agreed:

Head of the legal department        _____________________________      (initials, surname)
                                    (signature)

"__" ________________ 20__

I have read the job description:    _________________________      (initials, surname)
                                    (signature)

1. General Provisions

1.1. For the position:

- a person with a higher professional (technical) education is accepted for the position of information security specialist, without requirements for work experience;

- a person with a higher professional (technical) education and at least 3 years of work experience in the position of information security specialist or in other positions occupied by specialists with higher professional education is accepted (transferred) for the position of information security specialist of the II category;

- a person with a higher professional (technical) education and at least 3 years of work experience as an information security specialist of the 2nd category is accepted (transferred) for the position of information security specialist of the 1st category.

1.2. The Information Security Specialist should know:

— legislative acts, regulatory and methodological materials on issues related to ensuring the protection of information;

- specialization of the organization and features of its activities;

- production technology in the industry, in the organization;

— equipment of computing centers with technical means, prospects for their development and modernization;

- a system for organizing complex information protection, operating in the industry, organization;

— methods and means of monitoring protected information, identifying information leakage channels, organizing technical intelligence;

- methods of planning and organizing work to protect information and ensure secrets protected by law (state, official, commercial);

- technical means of control and protection of information, prospects and directions for their improvement;

- methods for conducting special studies and inspections, work to protect the technical means of transmission, processing, display and storage of information;

- the procedure for using abstract and reference publications, as well as other sources of scientific and technical information;

- achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;

— methods and means of performing calculations and computational work;

— fundamentals of economics, organization of production, labor and management;

— basics of labor legislation;

— Internal labor regulations;

— rules of labor protection and fire safety;

1.3. The information security specialist in his work is guided by:

— Regulations on the department for information protection;

- this job description;

— __________________________________________________________ (other acts and documents directly related to the labor function of an information security specialist).

1.4. The information security specialist reports directly to _________________________________________________ (name of the position of the head).

1.5. During the absence of an information protection specialist (vacation, illness, etc.), his duties are performed by an employee appointed in the prescribed manner, who acquires the relevant rights and is responsible for failure to perform or improper performance of the duties assigned to him in connection with the replacement.

1.6. __________________________________________________________

2. Functions

2.1. Organization of complex information protection.

2.2. Ensuring the effective use of automatic controls.

3. Job responsibilities

The Information Security Specialist has the following responsibilities:

3.1. Performs complex work related to ensuring comprehensive information protection based on developed programs and methods, compliance with legally protected secrets (state, official, commercial).

3.2. Collects and analyzes materials in order to develop and make decisions and measures to ensure the protection of information and the effective use of automatic control tools, to detect possible channels for the leakage of information representing a secret protected by law (state, official, commercial).

3.3. Analyzes the existing methods and means used to control and protect information, and develops proposals for their improvement and increasing the effectiveness of this protection.

3.4. Participates in the examination of objects of protection, their certification and categorization.

3.5. Develops and prepares for approval draft regulatory and methodological materials governing the work on information protection, as well as regulations, instructions and other organizational and administrative documents.

3.6. Organizes the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.

3.7. Gives feedback and opinions on projects of newly built and reconstructed buildings and structures and other developments on issues of information security.

3.8. Participates in the review of technical specifications for the implementation of draft, technical and working projects, ensures their compliance with current regulatory and methodological documents, as well as in the development of new circuit diagrams of control equipment, control automation tools, models and information security systems, assessment of the technical and economic level and efficiency proposed and implemented organizational and technical solutions.

3.9. Determines the need for technical means of protection and control, draws up applications for their purchase with the necessary justifications and calculations for them, controls their supply and use.

3.10. Checks compliance with the requirements of intersectoral and sectoral regulatory documents on information security.

3.11. __________________________________________________________

(other duties)

4. Rights

The information security specialist has the right to:

4.1. Participate in the discussion of draft decisions of the organization's management.

4.2. In coordination with the immediate supervisor, involve other employees in solving the tasks assigned to him.

4.3. Request and receive from employees of other structural units the necessary information and documents.

4.4. Participate in the discussion of issues related to the duties performed.

4.5. Require the management of the organization to assist in the performance of official duties.

4.6. __________________________________________________________

(other rights)

5. Responsibility

JOB DESCRIPTION

information security specialist

1. General Provisions

1.1. This job description defines the functional, job duties, rights and responsibilities of the information security specialist of the Organizational Technologies division (hereinafter referred to as the Information Security Specialist) of CJSC Association of Information Systems Specialists (hereinafter the Institution).

1.2. A person who meets the following education and training requirements is appointed to the position of an information security specialist:

  • Higher education: a bachelor's degree in the field of information security;
  • Practical experience:
    • for positions with a category, work experience in a position with a lower (previous) category for at least one year;
    • for positions without a category, at least one year in the field of information security or at least two years in the field of information technology;
  • Special conditions for admission to work as an information security specialist:
    • clearance for access to state secrets (if necessary).
    1.3. The Information Security Specialist should know:

  • Methods, methods and means of ensuring the fault tolerance of automated information systems;
  • Methods, methods, means, sequence and content of the stages of development of automated systems and systems for protecting automated systems;
  • Methods for certification testing of technical means of protecting information from leakage through technical channels for compliance with information security requirements;
  • Regulatory legal acts and national standards for licensing in the field of ensuring the protection of state secrets and certification of information security tools;
  • Normative legal acts in the field of information protection;
  • Ways to control the effectiveness of information protection from leakage through technical channels;
  • Ways to protect information from leakage through technical channels;
  • Guiding and methodological documents of the authorized federal executive bodies on information protection;
  • Basic methods and means of cryptographic information protection;
  • Organizational measures to protect information;
  • Basic cryptographic methods, algorithms, protocols used to protect information in automated systems;
  • Principles of building means of protecting information from leakage through technical channels;
  • Basic measures to protect information in automated systems;
  • Typical means, methods and protocols for identification, authentication and authorization;
  • The main threats to information security and the model of the intruder in automated systems;
    1.4. The Information Security Specialist must be able to:

  • Configure the certified information system and information security systems of the information system;
  • Plan and organize the work of the personnel of the automated system taking into account the requirements for information protection;
  • Train the staff of the automated system on a set of measures (rules, procedures, practices, guidelines, methods, tools) to ensure the protection of information;
  • Analyze software and software and hardware solutions when designing an information security system in order to identify potential information security vulnerabilities in automated systems;
  • Implement the rules for restricting personnel access to access objects;
  • Analyze available information sources in order to identify known vulnerabilities in the software and firmware used in the information security system;
  • Develop proposals for improving the information security management system of the automated system;
  • Classify and evaluate threats to the security of information in an automated system;
  • Eliminate identified vulnerabilities of the automated system, leading to threats to information security;
  • Classify and assess information security threats;
  • Monitor the effectiveness of the measures taken to protect information in automated systems;
  • Administer the software of the information security system of automated systems;
  • Define the settings of the software of the information security systems of the automated system;
  • Apply regulatory documents on countering technical intelligence;
  • Analyze structural and functional diagrams of a secure automated system;
  • Eliminate known vulnerabilities of the automated system that lead to information security threats;
  • Apply analytical and computer models of automated systems and information security systems;
    1.5. An information security specialist is appointed to and dismissed from the position by order of the General Director of the Institution in accordance with the current legislation of the Russian Federation.

    1.6. The Information Security Specialist reports to the General Director of the Institution and the Head of the Organizational Technologies Unit.

    2. Labor functions

  • 2.1. Implementation of organizational measures to protect information in automated systems.
  • 2.2. Analysis of vulnerabilities of the implemented information security system.
  • 2.3. Development of organizational and administrative documents for the protection of information in automated systems.
  • 2.4. Installation and configuration of information security tools in automated systems.
    3. Job responsibilities

  • 3.1. Preparation of documents defining the rules and procedures implemented by the operator to ensure the protection of information in the information system during its operation.
  • 3.2. Checking the readiness of personnel for the operation of the information security system of the automated system.
  • 3.3. Preparation of documents that define the rules and procedures for identifying incidents that may lead to failures or disruption of the information system and the emergence of threats to information security.
  • 3.4. Conducting training sessions for personnel on working with the information security system of an automated system, including conducting practical exercises on mock-ups or in a test area.
  • 3.5. Preparation of documents that define the rules and procedures for monitoring the security of the level of security of information contained in the information system.
  • 3.6. Checking the completeness of the description in the organizational and administrative documents for the automated system of personnel actions for the implementation of organizational information protection measures.
  • 3.7. Preparation of documents that define the rules and procedures for managing the configuration of a certified information system and information system information protection system.
  • 3.8. Carrying out preliminary tests of the information security system of the automated system.
  • 3.9. Conducting vulnerability analysis of automated and information systems.
  • 3.10. Conducting an examination of the state of security of information of automated systems.
  • 3.11. Selection and substantiation of criteria for the effectiveness of the functioning of protected automated systems.
  • 3.12. Refinement of the model of threats to the security of information in an automated system.
  • 3.13. Conducting vulnerability analysis of software and hardware and software of the information security system of the automated system.
  • 3.14. Definition of rules and procedures for managing the information security system of an automated system.
  • 3.15. Determination of rules and procedures for monitoring the level of information security of the automated system.
  • 3.16. Defining the rules and procedures for protecting information when decommissioning an automated system.
  • 3.17. Determination of rules and procedures for identifying incidents.
  • 3.18. Determination of rules and procedures for responding to incidents.
  • 3.19. Making changes to the operational documentation aimed at eliminating the shortcomings identified during the testing process.
  • 3.20. Carrying out acceptance tests of the information security system of the automated system.
  • 3.21. Implementation of autonomous adjustment of hardware and software of the information security system of the automated system.
  • 3.22. Input quality control of components of the information security system of the automated system.
    4. Rights

    The information security specialist has the right to:

    4.1. Request and receive the necessary information, as well as materials and documents related to the activities of an information security specialist.

    4.2. Improve qualifications, undergo retraining (retraining).

    4.3. Enter into relationships with departments of third-party institutions and organizations to resolve issues within the competence of an information security specialist.

    4.4. Participate in the discussion of issues that are part of his functional duties.

    4.5. Make suggestions and comments on the improvement of activities in the assigned area of ​​work.

    4.6. Apply to the relevant local government bodies or to the court to resolve disputes arising in the performance of functional duties.

    4.7. Use the information materials and legal documents necessary for the performance of his duties.

    4.8. Pass certification in the prescribed manner.

    5. Responsibility

    The Information Security Officer is responsible for:

    5.1. Failure to perform (improper performance) of their functional duties.

    5.2. Failure to comply with the orders and instructions of the General Director of the Institution.

    5.3. Inaccurate information about the status of the execution of assigned tasks and instructions, violation of the deadlines for their execution.

    5.4. Violation of the internal labor regulations, fire safety and safety regulations established in the Institution.

    5.5. Causing material damage within the limits established by the current legislation of the Russian Federation.

    5.6. Disclosure of information that became known in connection with the performance of official duties.

    For the above violations, an information security specialist may be brought to disciplinary, material, administrative, civil and criminal liability in accordance with applicable law, depending on the severity of the offense.

    This job description has been developed in accordance with the provisions (requirements) of the Labor Code of the Russian Federation dated December 30, 2001 No. 197-FZ (Labor Code of the Russian Federation) (with amendments and additions), the professional standard "Specialist in the protection of information in automated systems" approved by order of the Ministry of Labor and Social Protection of the Russian Federation of September 15, 2016 No. 522n, and other regulatory legal acts regulating labor relations.