Job description of a specialist in ensuring information security in key information infrastructure systems. Section "qualification characteristics of positions of managers and specialists in ensuring information security in key areas





Job description and job responsibilities of the chief information security specialist.

1. GENERAL PROVISIONS


1.1. This job description defines the functional duties, rights and responsibility of the Chief Information Security Specialist of the enterprise (options: OJSC, CJSC, LLC, institution, organization).
1.2. The Chief Information Security Specialist is appointed to the position and dismissed from it by order of the director of the enterprise, in the manner established by current labor law.
1.3. The Chief Information Security Specialist reports directly to the director of the enterprise (options: OJSC, CJSC, LLC, institution, organization).
1.4. A person with a higher professional (technical) education and work experience in information protection is appointed to the position of Chief Information Security Specialist.
1.5. The Chief Information Security Specialist must know:
- legislative and regulatory legal acts on state (official, commercial) secrets;
- regulatory and methodological materials on issues related to ensuring the protection of information;
- the development prospects, specialization and areas of activity of the institution, organization, enterprise (options: OJSC, CJSC, LLC, institution, organization) and its divisions;
- the nature of the interaction between divisions in the course of the economic activity of the enterprise (options: OJSC, CJSC, LLC, institution, organization) and the procedure for the passage of official information;
- the system for organizing comprehensive information protection in effect at the enterprise (options: OJSC, CJSC, LLC, institution, organization);
- prospects and directions for the development of technical and software-mathematical means of information protection;
- methods and means of controlling protected information, detecting information leakage channels and organizing technical intelligence;
- methods of planning and organizing scientific research and development and the performance of work on information protection;
- the procedure for concluding contracts for special studies and inspections and for work on protecting technical means of transmitting, processing, displaying and storing information;
- domestic and foreign experience in the field of technical intelligence and information protection;
- fundamentals of economics, organization of production, labor and management;
- rules and regulations of labor protection.
1.6. During the temporary absence of the Chief Information Security Specialist, his responsibilities are assigned to _________________.

2. FUNCTIONAL RESPONSIBILITIES

Note.

The functional responsibilities of the Chief Information Security Specialist are determined on the basis and within the scope of the qualification characteristics for the position of Chief Information Security Specialist and may be supplemented or clarified when the job description is prepared, based on specific circumstances.

2.1. Manages the implementation of work on comprehensive information protection in the industry, enterprise (options: OJSC, CJSC, LLC, institution, organization), ensuring the effective application of all available organizational and engineering measures to protect information constituting a state secret.
2.2. Participates in the development of technical policy and in determining the prospects for the development of technical means of control, and organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly complicate unauthorized access to information constituting an official, state or trade secret.
2.3. Participates in the review of terms of reference for the design of products and for research and development work subject to protection, and monitors the inclusion in them of the requirements of regulatory, technical and methodological documents on information protection and compliance with these requirements.
2.4. Prepares proposals for including organizational, engineering and technical measures to protect information systems in work plans and programs.
2.5. Participates in the development of secure information technologies that meet the requirements of comprehensive information protection.
2.6. Organizes research work aimed at improving information protection systems and increasing their efficiency.
2.7. Performs the full range of work (including especially complex work) related to the control and protection of information, based on the developed programs and methods.
2.8. Organizes the collection and analysis of materials on possible channels of information leakage, including technical channels, when conducting research and development related to the creation and production of the special products necessary for carrying out work to ensure the protection of information.
2.9. Coordinates ongoing organizational and technical measures, the development of methodological and regulatory materials and the provision of the necessary methodological assistance in carrying out information protection work and in assessing the technical and economic effectiveness of proposed and implemented organizational and technical solutions.
2.10. Organizes the collection and systematization of the necessary information about the objects subject to protection and about protected information, and provides methodological guidance and control over the work on assessing the technical and economic level and efficiency of the information protection measures being developed.
2.11. Leads the work on summarizing data on the need for technical and software-mathematical means of information protection and control equipment and on drawing up requests for the manufacture of these means, and organizes their receipt and distribution among the objects of protection.
2.12. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase their efficiency.
2.13. Monitors compliance with the requirements of regulatory and technical documentation, with the established procedure for performing work, and with current legislation when dealing with issues related to the protection of information.
2.14. Coordinates the activities of information security divisions and specialists in the industry, enterprise, institution, organization.

3. RIGHTS


The Chief Information Security Specialist has the right to:
3.1. Give the employees and services subordinate to him instructions and tasks on the range of issues included in his functional responsibilities.
3.2. Monitor the fulfillment of planned tasks and work and the timely execution of individual instructions and tasks by the services subordinate to him.
3.3. Request and receive the necessary materials and documents related to the activities of the Chief Information Security Specialist and of the services and divisions subordinate to him.
3.4. Enter into relations with departments of third-party institutions and organizations to resolve operational issues of production activities within the competence of the Chief Information Security Specialist.
3.5. Represent the interests of the enterprise in third-party organizations on issues related to the production activities of the enterprise.


4. RESPONSIBILITY


The Chief Information Security Specialist is responsible for:
4.1. The results and efficiency of the production activities of the enterprise in terms of compliance with information security measures.
4.2. Failure to ensure the performance of his functional duties, as well as of the work of the enterprise services subordinate to him, on issues of production activities.
4.3. Inaccurate information about the status of execution of the work plans of subordinate services.
4.4. Failure to comply with the orders, directives and instructions of the director of the enterprise (options: OJSC, CJSC, LLC, institution, organization).
4.5. Failure to take measures to stop identified violations of safety, fire safety and other rules that pose a threat to the activities of the enterprise and its employees.
4.6. Failure to ensure compliance with labor and performance discipline by the employees of subordinate services and the personnel subordinate to the Chief Information Security Specialist.


5. RIGHT TO SIGN. WORKING CONDITIONS


5.1. The exclusive scope of activity of the Chief Information Security Specialist is to ensure the planning and organization of the production activities of the enterprise.
5.2. To support his activities, the Chief Information Security Specialist is granted the right to sign organizational and administrative documents on issues within his functional responsibilities.
5.3. The working hours of the Chief Information Security Specialist are determined in accordance with the internal labor regulations established at the enterprise.
5.4. Due to production needs, the Chief Information Security Specialist may go on business trips (including local ones).
5.5. To resolve operational issues related to production activities, the Chief Information Security Specialist may be allocated a company vehicle.


AGREED:



I. General provisions

1. Appointment to the position:
- information security specialist: a person with a higher professional (technical) education, with no work experience requirements;
- information security specialist of category II: a person with a higher professional (technical) education and at least 3 years of work experience in the position of an information security specialist or in other positions filled by specialists with higher professional education;
- information security specialist of category I: a person with a higher professional (technical) education and at least 3 years of work experience as an information security specialist of category II.
2. Appointment to the position of an information security specialist and dismissal from it is carried out by order of the director of the enterprise on the proposal of the head of the information security department.
3. The information security specialist must know:
3.1. Legislative acts, regulatory and methodological materials on issues related to ensuring the protection of information.
3.2. Specialization of the enterprise and features of its activity.
3.3. Production technology in the industry.
3.4. Equipment of computing centers with technical means, prospects for their development and modernization.
3.5. The system of organization of complex protection of information operating in the industry.
3.6. Methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence.
3.7. Methods for planning and organizing work to protect information and ensure state secrets.
3.8. Technical means of control and protection of information, prospects and directions for their improvement.
3.9. Methods for conducting special studies and inspections, works to protect the technical means of transmission, processing, display and storage of information.
3.10. The procedure for using abstract and reference publications, as well as other sources of scientific and technical information.
3.11. Achievements of science and technology in the country and abroad in the field of technical intelligence and information protection.
3.12. Methods and means of performing calculations and computational work.
3.13. Fundamentals of economics, organization of production, labor and management.
3.14. Fundamentals of labor legislation.
3.15. Rules and norms of labor protection, safety measures, industrial sanitation and fire protection.
4. The information security specialist reports directly to the head of the information security department.
5. During the absence of an information security specialist (vacation, illness, etc.), his duties are performed by a duly appointed person. This person acquires the appropriate rights and is responsible for the proper performance of the duties assigned to him.

II. Responsibilities of an Information Security Specialist

Information protection specialist:
1. Performs complex work related to ensuring the comprehensive protection of information based on the developed programs and methods, observance of state secrets.
2. Collects and analyzes materials from institutions, organizations and enterprises of the industry in order to develop and adopt decisions and measures to ensure the protection of information and the efficient use of automatic control tools, and to detect possible channels of leakage of information constituting state, military, official and commercial secrets.
3. Analyzes existing methods and means used to control and protect information, and develops proposals for improving them and increasing the effectiveness of this protection.
4. Participates in the examination of objects of protection, their certification and categorization.
5. Develops and prepares for approval draft regulatory and methodological materials governing the work on information protection, as well as regulations, instructions and other organizational and administrative documents.
6. Organizes the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.
7. Gives feedback and opinions on projects for newly built and reconstructed buildings and structures and other developments on issues of information security.
8. Participates in the review of technical specifications for design, draft, technical and working projects, ensures their compliance with current regulatory and methodological documents, and also participates in the development of new schematic diagrams of control equipment, control automation tools, information security models and systems, and in the assessment of the technical and economic level and the effectiveness of the proposed and implemented organizational and technical solutions.
9. Determines the need for technical means of protection and control, draws up requests for their purchase with the necessary justifications and calculations, and monitors their supply and use.
10. Carries out verification of compliance with the requirements of intersectoral and sectoral normative documents on information protection.

III. Rights of the Information Security Specialist

The information security specialist has the right to:
1. Get acquainted with the draft decisions of the management of the enterprise regarding its activities.
2. Submit proposals to management for improving the work related to the responsibilities provided for in this instruction.
3. Within the limits of his competence, inform his immediate supervisor of all shortcomings in the activities of the enterprise (its structural divisions) and make suggestions for their elimination.
4. Request, personally or on behalf of his immediate supervisor, from the specialists of departments the information and documents necessary for the performance of his official duties.
5. Involve specialists from all (individual) structural divisions in solving the tasks assigned to him (if this is provided for by the regulations on structural divisions; if not, then with the permission of their heads).
6. Require his immediate supervisor and the management of the enterprise to assist in the performance of his duties and the exercise of his rights.

IV. Responsibility of the Information Security Specialist

The Information Security Specialist is responsible:
1. For improper performance or non-performance of his official duties provided for by this job description - to the extent determined by the current labor legislation of the Russian Federation.
2. For offenses committed in the course of carrying out their activities - within the limits determined by the current administrative, criminal and civil legislation of the Russian Federation.
3. For causing material damage - within the limits determined by the current labor and civil legislation of the Russian Federation.

Information is one of the main assets of an organization, and its use requires protection and control. As information technology develops, more and more information is transferred to electronic media, and paper-based data storage is becoming less relevant. The databases, software and enterprise documentation that have been created must be reliably protected both from unauthorized use and from distribution outside the enterprise.

To accomplish this task, organizations hire specialists with the ability to provide such protection and create conditions for the use of information by employees of the enterprise within the framework of the rules being created.

About the document

Different organizations understand the position of information security specialist in their own way.

  • In some companies, the functions of these employees include duties related to the protection of any type of information. As a rule, such specialists are included in the structure of economic security departments.
  • In other enterprises, the information security specialist works exclusively with electronic information systems, in which case such employees are most often included in the IT departments and report to.

Development goals and objectives

Since the job description is not a document that is mandatory for development in the organization, it can take the form that is convenient for the employer. But whatever format is chosen, it must solve the main task - to determine the requirements of the position for the employee and form a specific list of duties that he will perform at his workplace.

Regulations

The development of a job description for this specialist can be regulated not only by external regulations that define the requirements for protecting information at the level of the entire state.

  • Since September 2016 there has been a professional standard for the position of "Information Protection Specialist in Automated Systems", which can become the basis for the development of a job description (DI).
  • The main internal document on the basis of which the development of the instruction can begin can be the enterprise's security concept, which reflects all the basic requirements for protecting the organization's information.
  • Internal regulations on the protection of employees' personal data, rules for the use of information media and databases by the organization's personnel, regulations on the differentiation of access rights and other internal regulatory documentation that reflects the requirements for protecting enterprise information can also be used in the development.
  • Valuable information for the development of DI is contained in formalized business processes for functional areas in which a specialist is involved.

Types of DI

The job description can be developed in the form of a typical DI that applies to the positions of information security specialists available in the structure of organizations included in. This form can only be used if the requirements for positions, functions, rights and responsibilities are completely identical in these companies.

Today, companies use both standard DIs and other versions of documents that fix the functions of the position, the duties of the employee, and his rights and responsibilities. Such forms may include an agreement that briefly outlines the duties of the employee, with a separate appendix to the agreement containing the detailed information needed to standardize the requirements for the employee. Another form used by organizations to standardize employee requirements is the job profile or job standard.

If each position has its own functions and a different system of subordination is assumed, an individual instruction must be developed for each position.

Who compiles it

Responsibilities for compiling DI in different companies are assigned to different employees. Most often, development is carried out by several workers. Such a working group includes an information security specialist, or, as well as, or,. Sometimes also participates.

  • HR department employees are responsible for determining the form of the document, applying the requirements of the professional standard in the development of the DI, and organizing the development process.
  • The immediate supervisor defines the content of the sections on the requirements for employees and the scope of job responsibilities.
  • The legal adviser checks that the document complies with internal requirements and reflects all legal aspects of the functioning of the position in the organization: the procedure for appointment and dismissal, and the rights and responsibilities of the employee.

The final version, as a rule, is prepared by HR department specialists, who also organize the procedure for agreeing the document and having it approved by the director of the enterprise.

Where it is used

The instruction is used in almost all personnel management processes:

  • when hiring new employees and determining requirements for applicants for a position;
  • for determining the core competencies that should be assessed both at the stage of selecting candidates and in the ongoing assessment of the organization's personnel;
  • during the implementation of adaptation programs;
  • when resolving labor conflicts and disagreements arising between the employee and the employer.

Provisions of the job description of a specialist and an information security engineer

The provisions of the job description of an information security specialist should contain all information about the position, including its place in the overall structure, the requirements of the position for the employee, detailed information about the duties, his rights and responsibility for achieving the required results.

General provisions

The general provisions contain information about the job title. In accordance with the professional standard there are two categories for an information security specialist: I and II. However, if an enterprise is not required by law to apply the requirements of the standard, then categories need not be assigned to employees.

  • This section of the instruction defines the subordination of the specialist and describes the organizational structure of the division.
  • Important information given in this part of the DI is the requirements for education, work experience and seniority.
  • According to the professional standard, the employee must have a higher education and a bachelor's degree in information security. Work experience is not required if the employee does not perform a number of duties, information about which can be found in the text of the standard. If his functions are broad enough, work experience of at least one year may be required.
  • As regards additional education, the standard recommends that an employee take refresher courses in the field of information security.
  • As regards the employee's access to information: where necessary, and given a certain profile of the enterprise, he must have access to state secrets.

Fulfillment of these requirements is mandatory if the organization is obliged to assess the qualification level of its employees for compliance with the professional standard.

Position Objectives

The purpose of the position of an information security specialist is to ensure the protection of information from external and internal threats and the application of modern means of protection.

The main tasks of a specialist include:

  1. Identification of risks and threats in the field of information security.
  2. Development of protection measures.
  3. Implementation of protection systems.
  4. Monitoring the state of the information security system and preventing violations in its operation.
  5. Development of regulatory documentation in the field of information security.

Requirements for knowledge and skills

  • state legislative framework in the field of information security;
  • rules for building information security systems;
  • criteria by which the level of information protection is assessed;
  • software and hardware that provide the required level of information protection;
  • channels of "leakage" of information;
  • internal regulations for their functional area of activity.

The most sought-after skills include the ability to:

  • identify incidents related to violations of information security in a timely manner;
  • choose the right ways to respond to emerging incidents;
  • identify and classify risks in the field of information security;
  • distribute user access rights and monitor users' compliance with the company's requirements when working with information;
  • install specialized software;
  • identify vulnerabilities in the information security system and eliminate them in a timely manner.

Job Responsibilities

The duties of an information security specialist include several functional areas that should be described in sufficient detail. When describing job responsibilities, it is necessary to systematize information, combining it into blocks according to the functional areas of the employee's work.

  1. : identification of bottlenecks, risk factors, preparation of proposals to increase the efficiency of the system.
  2. Monitoring and diagnosing the operation of information security systems: detection of violations, their identification, preparation of proposals for neutralizing the identified violations and preventing their recurrence.
  3. Administration of information security systems operation: software installation, distribution of access rights for users, monitoring of system performance, fixing system failures, responding to emergency situations in the operation of security systems, setting up and backing up information, determining the rules for storing backups, organizing storage locations and access rules in the data warehouse.
  4. Evaluation of the efficiency of information security systems.
  5. Development of regulatory documentation for information protection, bringing to the attention of employees the rules and requirements for working with information, monitoring the implementation of the rules, identifying violations by personnel of the requirements for working with information, initiating internal investigations into identified violations.
  6. Selection of new means of information protection, testing, implementation of systems, control of their work, evaluation of the effectiveness of protection.

Interaction

An information security specialist works with any employee of the organization who uses software tools in his work and has access to the documentation and information of the enterprise.

The interaction may include tasks that the employee solves daily, communicating with the employees of the organization:

  • distribution of access rights to the company's information systems;
  • installation of specialized software on users' computers;
  • identification of violations committed by employees of the organization when working with information;
  • incident investigation;
  • introduction of rules for working with information, bringing to the attention of employees the requirements of regulations on information protection.

Rights and responsibilities

The Information Security Specialist is responsible for:

  • safety of enterprise information;
  • the effectiveness of the built protection;
  • timely detection of violations in the system;
  • high-quality elimination of violations and the development of measures to prevent their recurrence.

The rights granted to an employee should provide him with the opportunity to:

  • interact with any employee on work issues and require them to comply with information security requirements;
  • have access to the top officials of the enterprise and inform them about detected violations in the operation of security systems and non-compliance by employees with the rules for information protection;
  • initiate the introduction of new protection systems.

Job description of an information security engineer (sample)

Job description of an information security specialist [name of organization, enterprise, etc.]

This job description has been developed and approved in accordance with the provisions and other regulations governing labor relations in the Russian Federation.

I. General provisions

1.1. An information security specialist belongs to the category of specialists and is appointed to the position and dismissed from it by order of the head of the enterprise on the proposal of the head of the information security department.

1.2. A person who has a higher professional (technical) education and at least [value] years of work experience as an information security specialist of category II is appointed to the position of information security specialist of category I; to the position of information security specialist of category II, a person with a higher professional (technical) education and at least [value] years of work experience in the position of an information security specialist or in other positions filled by specialists with a higher professional education; to the position of information security specialist, a person with a higher professional (technical) education, with no work experience requirements.

1.3. The Information Security Specialist reports directly to [fill in as appropriate].

1.4. In his work, the information security specialist is guided by:

Legislative and regulatory documents on the issues of ensuring the protection of information;

Methodological materials relating to relevant issues;

the Charter of the enterprise;

Labor regulations;

Orders and directives of the director of the enterprise (immediate supervisor);

This job description.

1.5. The Information Security Specialist should know:

Legislative acts, regulatory and methodological materials on issues related to ensuring the protection of information;

Specialization of the enterprise and features of its activity;

Production technology in the industry;

Equipment of computing centers with technical means, prospects for their development and modernization;

The system of organization of complex protection of information operating in the industry;

Methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence;

Methods for planning and organizing work to protect information and ensure state secrets;

Technical means of control and protection of information, prospects and directions for their improvement;

Methods for conducting special studies and inspections, work on the protection of technical means of transmission, processing, display and storage of information;

The procedure for using abstract and reference publications, as well as other sources of scientific and technical information;

Achievements of science and technology in the country and abroad in the field of technical intelligence and information protection;

Methods and means of performing calculations and computational work;

Fundamentals of economics, organization of production, labor and management;

Basics of the labor legislation of the Russian Federation;

Rules and norms of labor protection, safety measures, industrial sanitation and fire protection;

- [fill in as needed].

1.6. During the absence of an information security specialist (business trip, vacation, illness, etc.), his duties are performed by a duly appointed person. This person acquires the appropriate rights and is responsible for the proper performance of the duties assigned to him.

II. Functions

The Information Security Specialist is responsible for the following:

2.1. Ensuring comprehensive protection of information, observance of state secrets.

2.2. Participation in the survey, certification and categorization of objects of protection.

2.3. Development of organizational and administrative documents regulating the work on information protection.

2.4. Determining the need for technical means of protection and control.

2.5. Verification of compliance with the requirements of regulatory documents on information protection.

III. Job Responsibilities

To perform the functions assigned to him, the information security specialist must:

3.1. Perform complex work related to ensuring comprehensive information protection based on developed programs and methods, observing state secrets.

3.2. Collect and analyze materials from institutions, organizations and enterprises of the industry in order to develop and adopt decisions and measures to ensure the protection of information and the effective use of automatic control tools, and to detect possible channels for the leakage of information constituting state, military, official and commercial secrets.

3.3. Analyze existing methods and tools used to control and protect information, and develop proposals for their improvement and increasing the effectiveness of this protection.

3.4. Participate in the examination of objects of protection, their certification and categorization.

3.5. Develop and prepare for approval draft regulatory and methodological materials governing the work on information protection, as well as regulations, instructions and other organizational and administrative documents.

3.6. Organize the development and timely submission of proposals for inclusion in the relevant sections of long-term and current work plans and programs of measures to control and protect information.

3.7. Give feedback and opinions on projects of newly built and reconstructed buildings and structures and other developments on issues of information security.

3.8. Participate in the review of technical specifications for design, draft, technical and working projects, ensure their compliance with current regulatory and methodological documents, as well as in the development of new schematic diagrams of control equipment, control automation tools, models and information security systems, assessment of the technical and economic level and the effectiveness of the proposed and implemented organizational and technical solutions.

3.9. Determine the need for technical means of protection and control, draw up applications for their purchase with the necessary justifications and calculations for them, control their supply and use.

3.10. Verify compliance with the requirements of intersectoral and sectoral regulatory documents on information security.

IV. Rights

The information security specialist has the right to:

4.1. Get acquainted with the draft decisions of the management of the enterprise relating to his activities.

4.2. Submit proposals for improvement of the work related to the responsibilities provided for in this instruction for consideration by the management.

4.3. Receive from the heads of structural divisions and from specialists the information and documents necessary for the performance of his duties.

4.4. Involve specialists from all structural divisions of the enterprise in carrying out the duties assigned to him (if this is provided for by the regulations on structural divisions; if not, with the permission of the head of the enterprise).

4.5. Require the management of the enterprise to assist in the performance of his duties and the exercise of his rights.

V. Responsibility

The Information Security Specialist bears responsibility:

5.1. For failure to perform (improper performance) of their official duties provided for by this job description, to the extent determined by the labor legislation of the Russian Federation.

5.2. For offenses committed in the course of carrying out their activities - within the limits determined by the administrative, criminal and civil legislation of the Russian Federation.

5.3. For causing material damage - within the limits determined by the labor, criminal and civil legislation of the Russian Federation.

The job description was developed in accordance with [name, number and date of the document].

Head of structural unit

[initials, last name]

[signature]

[day, month, year]

Agreed:

Head of the legal department

[initials, last name]

[signature]

[day, month, year]

Familiarized with the instructions:

[initials, last name]

[signature]

[day, month, year]

Collection of job descriptions

Approximate form

I approve

___________________________________
(name of company, enterprise, etc., its legal form)

__________________________ (initials, surname)
(director or other executive authorized to approve
the job description)

"" ____________ 20__

Job description
of an information security specialist

______________________________________________
(name of organization, enterprise, etc.)

"" ______________ 20__ N_________

This job description has been developed and approved on the
basis of the employment contract with __________________________________________
______________________________________________________
(name of the position of the person for whom this job description has been drawn up)
and in accordance with the provisions of the Labor Code of the Russian Federation
and other regulatory acts governing labor relations in the Russian Federation.

I. General provisions

1.1. The Information Security Specialist belongs to the category of
specialists and is hired and dismissed by order of the head of the
enterprise on the proposal of the head of the information protection
department.
1.2. A person appointed to the position of information security
specialist of the 1st category must have a higher professional (technical)
education and at least ______ years of work experience as an information
security specialist of category II; to the position of information security
specialist of category II - a higher professional (technical) education and
at least _________ years of work experience as an information security
specialist or in other positions filled by specialists with higher
professional education; to the position of information security specialist -
a higher professional (technical) education, with no requirements for work
experience.
1.3. The Information Security Specialist reports directly to
________________________________________________________________________.
1.4. In his work, the information security specialist is
guided by:
- legislative and regulatory documents on issues of
ensuring the protection of information;
- methodological materials related to the relevant issues;
- the charter of the enterprise;
- labor regulations;
- orders and directives of the director of the enterprise
(immediate supervisor);
- this job description.
1.5. The Information Security Specialist should know:
- legislative acts, regulatory and methodological materials on
issues related to ensuring the protection of information;
- the specialization of the enterprise and the features of its activity;
- production technology in the industry;
- the equipment of computing centers with technical means, and the
prospects for their development and modernization;
- the system for organizing the comprehensive protection of information
operating in the industry;
- methods and means of monitoring protected information, identifying
information leakage channels, and organizing technical intelligence;
- methods of planning and organizing work to protect
information and ensure state secrets;
- technical means of control and protection of information, and the
prospects and directions for their improvement;
- methods for conducting special studies and inspections, and work on the
protection of technical means of transmission, processing, display and
storage of information;
- the procedure for using abstract, reference and information
publications, as well as other sources of scientific and technical information;
- achievements of science and technology in the country and abroad in the
field of technical intelligence and information protection;
- methods and means of performing calculations and computational work;
- fundamentals of economics, organization of production, labor and management;
- fundamentals of the labor legislation of the Russian Federation;
- rules and regulations of labor protection, safety measures,
industrial sanitation and fire protection;
- _________________________________________________________________.
1.6. During the absence of the information security specialist
(business trip, vacation, illness, etc.), his duties are performed by a
duly appointed person. This person acquires the corresponding rights
and is responsible for the proper performance of the duties
assigned to him.

II. Functions

The Information Security Specialist is responsible for the following:
2.1. Ensuring comprehensive protection of information and observance of
state secrets.
2.2. Participation in the survey, certification and categorization of
objects of protection.
2.3. Development of organizational and administrative documents
regulating the work on the protection of information.
2.4. Determining the need for technical means of protection and
control.
2.5. Verification of compliance with the requirements of regulatory
documents on information protection.

III. Job Responsibilities

In order to perform the functions assigned to him, the information
security specialist must:
3.1. Perform complex work related to ensuring comprehensive
information protection on the basis of developed programs and methods,
observing state secrets.
3.2. Collect and analyze materials from institutions, organizations and
enterprises of the industry in order to develop and adopt decisions and
measures to ensure the protection of information and the efficient use of
automatic control tools, and to detect possible channels for the leakage of
information constituting state, military, official and commercial secrets.
3.3. Analyze existing methods and tools used for the
control and protection of information, and develop proposals for
improving them and increasing the effectiveness of this protection.
3.4. Participate in the inspection of objects of protection, their
certification and categorization.
3.5. Develop and prepare for approval draft regulatory and
methodological materials governing the work on information protection, as
well as regulations, instructions and other organizational and
administrative documents.
3.6. Organize the development and timely submission of
proposals for inclusion in the relevant sections of long-term and
current work plans and programs of measures to control and protect information.
3.7. Give feedback and opinions on projects of newly built and
reconstructed buildings and structures and on other developments with
regard to ensuring the protection of information.
3.8. Participate in the review of technical specifications for
design, draft, technical and working projects, ensure their
compliance with applicable regulatory and methodological documents, and
participate in the development of new circuit diagrams of control
equipment, control automation tools, models and systems of information
security, and in the assessment of the technical and economic level and
the effectiveness of the proposed and implemented organizational and
technical solutions.
3.9. Determine the need for technical means of protection and
control, draw up applications for their purchase with the necessary
justifications and calculations, and control their delivery and
use.
3.10. Check compliance with the requirements of intersectoral and
sectoral regulatory documents on information security.

IV. Rights

The information security specialist has the right to:
4.1. Get acquainted with the draft decisions of the company's management
relating to his activities.
4.2. Submit for consideration by management proposals for the
improvement of the work related to the duties stipulated in
this instruction.
4.3. Receive from the heads of structural divisions the
information and documents necessary for the performance of his
official duties.
4.4. Involve specialists from all structural divisions of the
enterprise in carrying out the duties assigned to him (if this is
provided for by the regulations on structural divisions; if not, with
the permission of the head of the enterprise).
4.5. Require the management of the enterprise to assist in the
performance of his duties and the exercise of his rights.

V. Responsibility

The Information Security Specialist bears responsibility:
5.1. For failure to perform (improper performance of) the official
duties set out in this job description - within the limits
determined by the labor legislation of the Russian Federation.
5.2. For offenses committed in the course of carrying out his
activities - within the limits determined by the administrative, criminal
and civil legislation of the Russian Federation.
5.3. For causing material damage - within the limits determined by the
labor, criminal and civil legislation of the Russian Federation.

The job description was developed in accordance with ________________
_____________________________.
(name, number and date of the document)

Head of the structural subdivision
_________________________ (initials, surname)
(signature)

"" _____________ 20__

Agreed:

Head of the legal department
_____________________________ (initials, surname)
(signature)

"" ________________ 20__

I am familiar with the instruction:
_________________________ (initials, surname)
(signature)