Job description of a specialist in ensuring information security in key information infrastructure systems. Job description of an information security engineer Other instructions in the section

Job description information security engineer

[name of organization, enterprise, etc.]

This job description has been developed and approved in accordance with the provisions Labor Code Russian Federation and other regulations governing labor relations in the Russian Federation.

I. General provisions

1.1. An information security engineer is classified as a specialist.

1.2. A person with a vocational (technical) education, without any work experience requirements, or a secondary vocational (technical) education and work experience as an information security technician of category I for at least 3 years is appointed to the position of information security engineer.

1.3. Appointment to the position of information security engineer and dismissal from it are made by order of the head of the enterprise upon the recommendation of the head of the information security department.

1.4. An information security engineer must know:

Resolutions, directives, orders, methodological and regulatory materials on issues related to ensuring technical protection of information;

Specialization of the enterprise, its divisions and features of their activities;

Methods and means of obtaining, processing and transmitting information;

Technical means of information security;

Software and mathematical means of information security;

Registration procedure technical documentation on information protection;

The procedure for using scientific and technical documentation and other sources of information;

Channels of possible information leakage;

Methods of analysis and protection of information;

Organization of information protection work;

Instructions for following the regimen special works;

Regulatory documents on record keeping;

Domestic and Foreign experience in the field of technical intelligence and information security;

Fundamentals of economics, organization of production, labor and management;

Fundamentals of labor legislation of the Russian Federation;

Labor safety rules and regulations;

- [fill in what you need].

1.5. An information security engineer in his activities is guided by:

Regulations on the Information Protection Department;

This job description;

- [fill in what you need].

1.6. The information security engineer reports directly to the head of the information security department.

1.7. During the absence of an information security engineer (vacation, illness, business trip, etc.), his duties are performed by a person appointed in the prescribed manner. This person acquires the corresponding rights and is responsible for the proper performance of the duties assigned to him.

1.8. [Enter as appropriate].

2. Job responsibilities

Information security engineer:

2.1. Performs work on the design and implementation of special technical and software and mathematical means of information protection, provision of organizational and engineering and technical measures for information protection, provision of organizational and engineering and technical measures of protection information systems, conducts research in order to find and select the most appropriate practical solutions within the given task.

2.2. Carries out the selection, study and synthesis of scientific and technical literature, regulatory and teaching materials on technical means with methods of information protection.

2.3. Participates in the review of projects technical assignments, plans and schedules for work on technical protection of information, in the development of the necessary technical documentation.

2.4. Draws up calculation methods and experimental research programs for technical information security, performs calculations in accordance with developed methods and programs.

2.5. Conducts comparative analysis of research and testing data, studies possible sources and channels of information leakage.

2.6. Carries out the development of technical support for an information security system, technical maintenance of information security tools, takes part in drawing up recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports.

2.7. Compiles information reviews on technical information security.

2.8. Performs operational tasks related to ensuring control of technical means and mechanisms of the information security system, participates in conducting inspections of the enterprise to fulfill the requirements of regulatory and technical documentation for information security, in preparing reviews and conclusions on regulatory and methodological materials and technical documentation.

2.9. Prepares proposals for concluding agreements and contracts with other enterprises providing services in the field of technical means of information security, draws up requests for the necessary materials, equipment, devices.

2.10. Participates in the certification of objects, premises, hardware, programs, algorithms for compliance with information protection requirements for the relevant security classes.

2.11. Conducts performance and efficiency checks existing systems and technical means of information security, draws up and draws up inspection reports and develops proposals for improving and increasing the effectiveness of measures taken.

2.12. Studies and summarizes the experience of other organizations in the use of technical means and methods of protecting information in order to increase the efficiency and improve the work on its protection.

2.13. Performs work on time at a high scientific and technical level, observing the requirements of the instructions for the work schedule.

2.14. [Enter as appropriate].

3. Rights

The information security engineer has the right:

3.1. Get acquainted with the draft decisions of the enterprise management concerning its activities.

3.2. Submit proposals for improvement of work related to the responsibilities provided for in these instructions for consideration by management.

3.3. Within your competence, inform your immediate supervisor about all identified during the implementation process job responsibilities shortcomings in the activities of the enterprise ( structural divisions) and make proposals to eliminate them.

3.4. Request personally or on behalf of your immediate supervisor from department specialists information and documents necessary to perform your job duties.

3.5. Involve specialists from all (individual) structural divisions in solving the duties assigned to him (if this is provided for by the regulations on structural divisions, if not, with the permission of the head of the enterprise).

3.6. Demand from your immediate supervisor or the management of the enterprise to provide assistance in the performance of their official duties and rights.

3.7. [Enter as appropriate].

4. Responsibility

The information security engineer is responsible for:

4.1. For improper performance or failure to fulfill one’s official duties as provided for in this job description, within the limits specified labor legislation Russian Federation.

4.2. For offenses committed in the course of carrying out their activities - within the limits determined by the administrative, criminal and civil legislation of the Russian Federation.

4.3. For causing material damage- within the limits determined by the labor and civil legislation of the Russian Federation.

The job description has been developed in accordance with [name, number and date of document].

Head of structural unit

[initials, surname]

[signature]

[day month Year]

Agreed:

Head of the legal department

[initials, surname]

[signature]

[day month Year]

I have read the instructions:

[initials, surname]

[signature]

[day month Year]

GENERAL PROVISIONS

1.1. This job description defines functional! duties, rights and responsibilities of an information security engineer.

1.2. An information security engineer is appointed and dismissed in accordance with the procedure established by current labor legislation by order of the director of the enterprise.

1.3. The information security engineer reports directly to the head of the service information security(or the head of the SBP).

1.4. A person who has:

1.4.1. Qualification requirements - highest professional! (technical) education without requirements for work experience or secondary vocational (technical) education and work experience ■ positions of category I information security technician for at least 3 years or other positions filled by specialists with secondary vocational education, at least 5 years.

1.5. An information security engineer must know:

Resolutions, instructions, orders, methodological normative materials on issues related to ensuring technical protection of information;

Specialization of the enterprise and features of its activities;

Methods and means of obtaining, processing and transmitting information;

Scientific, technical and other special literature on technical support for information security;

Technical means of information security;

Software and mathematical means of information security;

The procedure for preparing technical documentation on information security;

Channels of possible information leakage;

Methods of analysis and protection of information;

Organization of information protection work;

Instructions for compliance with the regime for carrying out special work;

Domestic and foreign experience in the field of technical intelligence and information security;

Fundamentals of economics, organization of production, labor and management;

Fundamentals of labor legislation;

Labor protection rules and regulations.

1.6. During the temporary absence of an information security engineer, his responsibilities are assigned to ___________________________________________________.

FUNCTIONAL RESPONSIBILITIES

2.1. The functional responsibilities of the Information Security Engineer are determined on the basis and extent qualification characteristics for the position of information security engineer and can be supplemented and clarified when preparing a job description based on specific circumstances.

2.2. Information security engineer:

2.2.1. Performs work on the design and implementation of special technical and software-mathematical means of information protection, provision of organizational and engineering measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within the assigned task.

2.2.2. Carries out the selection, study and synthesis of scientific and technical literature, normative and methodological materials on technical means and methods of information protection.

2.2.3. Participates in the review of draft technical specifications, plans and schedules for work on technical information security, and in the development of the necessary technical documentation.

2.2.4. Draws up calculation methods and experimental research programs for technical information security, performs calculations in accordance with developed methods and programs.

2.2.5. Conducts comparative analysis of research and testing data, studies possible sources and channels of information leakage.

2.2.6. Carries out the development of technical support for an information security system, technical maintenance of information security tools, takes part in drawing up recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports.

2.2.7. Compiles information reviews on technical information security. Performs operational tasks related to ensuring control of technical means and mechanisms of the information security system, participates in inspections of institutions, organizations and enterprises to comply with the requirements of regulatory and technical documentation for information security, in the preparation of reviews and conclusions on regulatory and methodological materials and technical documentation.

2.2.8. Prepares proposals for concluding agreements and contracts with other institutions, organizations and enterprises providing services in the field of technical means of information security, draws up requests for the necessary materials, equipment, devices.

2.2.9. Participates in the certification of objects, premises, hardware, programs, algorithms for compliance with information protection requirements for the relevant security classes.

2.2.10. Conducts control checks of the operability and effectiveness of existing systems and technical means of information security, draws up and draws up reports of control checks, analyzes the results of checks and develops proposals for improving and increasing the effectiveness of measures taken.

2.2.11. Studies and summarizes the experience of other institutions, organizations and enterprises in the use of technical means and methods of protecting information in order to increase the efficiency and improve the work to protect it and preserve state secrets.

2.2.12. Performs work on time at a high scientific and technical level, observing the requirements of the instructions for the work schedule.

RIGHTS

3.1. The information security engineer has the right:

3.1.1. _____________________________________.

3.1.2. ____________________________________.

3.1.3. ____________________________________.

3.1.4. ____________________________________.

RESPONSIBILITY

4.1. The Information Security Engineer is responsible for:

4.1.1. Failure to fulfill one’s functional duties.

4.1.2. Inaccurate information about the status of execution of received tasks and instructions, violation of deadlines for their execution.

4.1.3. Failure to comply with orders, instructions from the director of the enterprise, instructions and assignments of the head of the department.

4.1.4. Violation of internal labor regulations, fire safety and safety rules established nL enterprise.

WORKING CONDITIONS

5.1. The work schedule of an information security engineer is determined in accordance with the internal labor regulations established at the enterprise.

5.2. Due to production needs, an information security engineer may be sent to business trips(including local significance).

I have read the instructions:__________________________ ________________

(signature) (full name)

"____"_________________________ __________G.

Job descriptions for other categories of information security specialists are similarly drawn up and approved.

Control questions

1. List the types of activities performed by the information security service (IS).

2. Who should be part of the SZI?

3. List the main organizational technical events performed by SZI employees.

4. What are the main responsibilities of the head of the information security system?

5. What should an information security employee do?

6. Using the example of a job description for an information security engineer, describe the four required sections of such documents.

7. What should an information security engineer know?

In the open spaces, ConsultantPlus unexpectedly found a rather interesting form of job description for an information security specialist in key systems information infrastructure. As the unknown author says, “the form was prepared using legal acts as of 02/03/2014.”

Interesting, but sometimes controversial (debatable) provisions. For those who are involved in the topic of protecting the air defense system, it may be useful to familiarize themselves with the aspen points, they are further on.

1.1. This job description defines functional responsibilities, rights and responsibilities of a specialist in ensuring information security in key information infrastructure systems _______________ (hereinafter referred to as the Organization).

1.5. An information security specialist in key information infrastructure systems must know:

Laws and other regulations legal acts of the Russian Federation, regulating relations related to the protection of state secrets and other restricted information; regulatory and methodological documents on issues related to ensuring information security;

The structure of management, communication and automation and the main elements of the key information infrastructure system of the Organization;

Access control subsystems, attack detection subsystems, protection against intentional influences, information integrity monitoring subsystems;

The procedure for creating a secure channel between interacting objects through a public system using dedicated communication channels;

The procedure for authenticating interacting objects and verifying the authenticity of the sender and the integrity of data transmitted through the public system;

Equipping the Organization with basic and auxiliary technical means and systems, prospects for their development and modernization;

Prospects and directions for the development of methods and means of technical, software and hardware for protecting information from destructive information influences;

The procedure for designing and certification of informatization objects; monitoring the effectiveness of information protection at informatization facilities;

The procedure for monitoring the use of open radio communication channels;

Methods and means of identifying threats to information security, techniques for identifying information leakage channels;

Methods scientific research, developments in technical information security;

The procedure for examining key information infrastructure systems, drawing up inspection reports, test reports, instructions for the right to operate special means of ensuring information security, as well as regulations, instructions and other organizational and administrative documents;

Powers to ensure information security, capabilities and procedures for using standard technical means of ensuring information security and monitoring their effectiveness;

Methods for analyzing the results of inspections, recording violations of information security requirements;

Methodology for preparing proposals, methods and means of performing computational work in the interests of planning, organizing and carrying out work to ensure information security and ensure state secrets;

Achievements of science and technology in the country and abroad in the field of technical intelligence and information security;

Methods for assessing the professional level of information security specialists, certification of specialists;

Fundamentals of labor legislation;

Labor protection and fire safety rules.

2. FUNCTIONAL RESPONSIBILITIES

Information security specialist in key information infrastructure systems:

2.1. Performs measures to ensure information security in key information infrastructure systems.

2.2. Identifies possible threats to information security, software and hardware vulnerabilities, develops intrusion detection technologies, assesses and reassesses the risks associated with threats of destructive information impacts that can cause damage to systems and networks due to unauthorized access, use of disclosure, modification or destruction of information and information resources. control systems.

2.3. Defines restrictions on information input, procedures for managing security incidents and preventing their development, the procedure for connecting to open information systems, taking into account the security associated with access agreements and resource prioritization, requirements for places of backup storage, processing and copying of information, service priorities for use of primary and backup telecommunications services (services).

2.4. Develops procedures for protecting storage media, communications and restoring information and management systems after a failure or failure.

2.5. Monitors activities to ensure information security in key information infrastructure systems; information, logistics and scientific and technical support for information security; monitoring the status of work to ensure information security in key information infrastructure systems and their compliance with regulatory legal acts of the Russian Federation.

2.6. Provides feedback and conclusions on projects of newly created and modernized facilities and other developments on issues of ensuring information security in key information infrastructure systems.

2.7. Participates in the review of technical specifications for research and development work to ensure information security in key information infrastructure systems, assesses their compliance with current regulatory and methodological documents.

2.8. Participates in the implementation of new means of technical information security.

2.9. Promotes the dissemination of best practices in the Organization and the introduction of modern organizational and technical measures, means and methods for ensuring information security in key information infrastructure systems.

2.10. Conducts assessments of the technical and economic level and effectiveness of proposed and implemented organizational and technical solutions to ensure information security in key information infrastructure systems.

2.11. Develops lists of personnel access to protection facilities, procedures and rules of conduct for employees, including during their relocation, dismissal and interaction with personnel of third-party organizations.

2.12. Provides guidance and training to staff on actions in crisis situations, including the procedures for management and other responsible persons of key information infrastructure systems.

2. FUNCTIONAL RESPONSIBILITIES

3. RESPONSIBILITY

4. WORKING CONDITIONS

You can download the information security engineer job description for free. Job responsibilities of an information security engineer I approve (Last name, initials) (name of the organization, its organizational - legal form) (director; other person authorized to approve the job description) 00.00.201_g. m.p. JOB DESCRIPTION OF INFORMATION PROTECTION ENGINEER (name of institution) 00.00.201_g. №00 1. General provisions 1.1. This job description defines the job duties, rights and responsibilities of an information security engineer (hereinafter referred to as the “enterprise”). Name of institution 1.2.

Job Description for Information Security Engineer

Full name) Structural unit: Information Security Department Position: Information Security Engineer 00.00.0000

1. General provisions

This job description defines the functional duties, rights and responsibilities of an information security engineer. An information security engineer is classified as a specialist.

An information security engineer is appointed and dismissed in accordance with the procedure established by current labor legislation by order of the director of the enterprise upon the recommendation of the head of the information security department. Relationships by position: 1.4.1 Direct subordination to the Head of the Information Security Department 1.4.2.

Job Descriptions

Important

Monitors activities to ensure information security in key information infrastructure systems; information, logistics and scientific and technical support for information security; monitoring the status of work to ensure information security in key information infrastructure systems and their compliance with regulatory legal acts of the Russian Federation. 2.6. Provides feedback and conclusions on projects of newly created and modernized facilities and other developments on issues of ensuring information security in key information infrastructure systems.

Attention

Participate in the certification of premises, objects, technical means, algorithms and programs for compliance with their information protection requirements according to the relevant security classes. 2.18. Submit requests for equipment, necessary materials and devices. 2.19. Conduct control checks of the effectiveness and operability of existing technical means and information security systems.

Job description of technical information security engineer

Draws up calculation methods and experimental research programs for technical information security, performs calculations in accordance with developed methods and programs. 2.5. Conducts comparative analysis of research and testing data, studies possible sources and channels of information leakage.
2.6.

Carries out the development of technical support for an information security system, technical maintenance of information security tools, takes part in drawing up recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports. 2.7. Compiles information reviews on technical information security.

Information security engineer

Appointment to the position of information security engineer and dismissal from it are made by order of the head of the enterprise upon the recommendation of the head of the information security department. 1.4. An information security engineer must know: - regulations, instructions, orders, methodological and regulatory materials on issues related to ensuring technical information security; — specialization of the enterprise, its divisions and features of their activities; — methods and means of obtaining, processing and transmitting information; — technical means of information security; — software and mathematical means of information security; — the procedure for preparing technical documentation on information security; — procedure for using scientific and technical documentation, etc.

Job Description for Information Security Engineer

Performs work on the design and implementation of special technical and software and mathematical means of information protection, provision of organizational and engineering and technical measures for information protection, provision of organizational and engineering and technical measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within assigned task. 2.2. Carries out the selection, study and synthesis of scientific and technical literature, regulatory and methodological materials on technical means with methods of information protection. 2.3. Participates in the review of draft technical specifications, plans and schedules for work on technical information security, and in the development of the necessary technical documentation. 2.4.

Job responsibilities of an information security engineer

Receive official information necessary to carry out your duties. 4. RESPONSIBILITY The technical information security engineer is responsible for: 4.1.

For failure to perform or improper performance of their duties provided for in this job description - in accordance with current labor legislation. 4.2. For offenses committed during the period of its activities - in accordance with current civil, administrative and criminal legislation.
4.3. For causing material damage - in accordance with current legislation. 5. CONDITIONS AND WORK EVALUATION 5.1. The work schedule of a technical information security engineer is determined in accordance with the internal labor regulations established in the Organization.
5.2.

Within the limits of your competence, inform your immediate supervisor about all shortcomings in the activities of the enterprise (structural divisions) identified during the performance of official duties and make proposals for their elimination. 3.4. Request personally or on behalf of your immediate supervisor from department specialists information and documents necessary to perform your job duties.

3.5. Involve specialists from all (individual) structural divisions in solving the duties assigned to him (if this is provided for by the regulations on structural divisions, if not, with the permission of the head of the enterprise). 3.6. Demand from your immediate supervisor or the management of the enterprise to provide assistance in the performance of their official duties and rights. 3.7. . 4.
Conducts control checks of the operability and effectiveness of existing systems and technical means of information security, draws up and draws up reports of control checks and develops proposals for improving and increasing the effectiveness of measures taken. 12. Studies and summarizes the experience of other organizations in the use of technical means and methods of protecting information in order to increase the efficiency and improve the work on its protection and preservation of state secrets. 13.

Performs work on time at a high scientific and technical level, observing the requirements of the instructions for the work schedule. III. Rights The information security engineer has the right: 1.

Get acquainted with draft decisions of the enterprise management concerning its activities. 2.

Job description for information security engineer sample

Perform calculations in accordance with developed programs and methods. 2.7. Study possible channels of information leakage. 2.8. Carry out the development of technical support for an information security system and Maintenance information security tools. 2.9. Analyze test and research data. 2.10.Participate in the preparation of proposals and recommendations for improving and increasing the efficiency of information security. 2.11. Compile information reviews on technical information security. 2.12.

Take part in writing and designing sections of scientific and technical reports. 2.13. Perform operational tasks that are related to ensuring control of technical means and mechanisms of the information security system.

2.14. Participate in the preparation of conclusions and reviews of technical documentation and regulatory and methodological materials.

Job description of a hospital information security engineer

Performs work on the design and implementation of special technical and software and mathematical means of information protection, provision of organizational and engineering and technical measures for information protection, provision of organizational and engineering and technical measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within assigned task. 2. Carries out the selection, study and synthesis of scientific and technical literature, regulatory and methodological materials on technical means and methods of information protection.

3. Participates in the review of draft technical specifications, plans and schedules for work on technical information security, and in the development of the necessary technical documentation. 4.