FREQUENTLY ASKED QUESTIONS
QUESTION: What information must be submitted to certify an information security system?
ANSWER:
LIST OF REFERENCE DATA SUBMITTED BY THE APPLICANT
TO CERTIFY AN INFORMATION SECURITY SYSTEM
- Full name of the information system and its purpose.
- The list of information whose distribution and (or) provision is restricted.
- Organizational structure of the information system.
- Access control rules in the information system.
- The intruder model, i.e. the model of the violator of the access control rules of the information system.
- The set of technical means on which the protected information is processed.
- The structure of the software used to process the protected information, and the information exchange protocols.
- General functional diagram of the information system, including the diagram of information flows and the modes in which protected information is processed.
- The presence and nature of interaction with other objects.
- The composition and structure of the information security system.
- Information about the developers of the information security system.
- Availability of certificates of conformity or expert conclusions on information protection.
- The existence and basic characteristics of the physical security of the information system (premises where protected data is processed and where information carriers are stored).
- Documents establishing the assignment of the information system to a class of typical objects of informatization in accordance with STB 34.101.30-2007.
- The Security Target (security requirements specification) for the information system.
- Design and operational documentation for the information system, and other data affecting information security.
- Organizational and administrative documents regulating information security in the information system (or extracts from them), including:
  - a document confirming that the organization has a technical information protection unit, or a specially appointed official responsible for implementing technical information protection measures;
  - the instruction on information protection in the information system;
  - the instruction on the procedure for using information protection means in the information system;
  - the program of acceptance testing of the information security system;
  - the act and protocol of acceptance testing of the information security system;
  - the test protocols of the information protection means;
  - the assessment of the Security Target.