Job description of an information security engineer. Job description of a specialist in ensuring information security in key information infrastructure systems I. General provisions

20.11.2020

Job responsibilities.

Performs work on the design and implementation of special technical and software-mathematical means of information protection, ensuring organizational and engineering and technical protection measures information systems, conducts research in order to find and select the most appropriate practical solutions within the limits of the task. Carries out the selection, study and generalization of scientific and technical literature, regulatory and teaching materials on technical means and methods of information protection. Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation. Compiles calculation methods and programs for experimental research on the technical protection of information, performs calculations in accordance with the developed methods and programs. Conducts a comparative analysis of research and test data, studies possible sources and channels of information leakage. Carries out the development of technical support for the information security system, Maintenance means of information protection, takes part in the preparation of recommendations and proposals for improving and increasing the efficiency of information protection, in writing and designing sections of scientific and technical reports. Compiles information reviews on the technical protection of information. Performs operational tasks related to ensuring control technical means and mechanisms of the information security system, participates in inspections of institutions, organizations and enterprises to comply with the requirements of regulatory and technical documentation for information security, in the preparation of reviews and conclusions on regulatory and methodological materials and technical documentation. Prepares proposals for concluding agreements and contracts with other institutions, organizations and enterprises providing services in the field of technical means of information security, draws up applications for the necessary materials, equipment, devices. Participates in the certification of objects, premises, technical means, programs, algorithms for compliance with the requirements of information security for the relevant security classes. Conducts control checks of the operability and efficiency of existing systems and technical means of information protection, draws up and draws up acts of control checks, analyzes the results of checks and develops proposals for improving and increasing the effectiveness of measures taken. It studies and summarizes the experience of other institutions, organizations and enterprises on the use of technical means and methods of protecting information in order to increase efficiency and improve work on its protection and the preservation of state secrets. Performs work on time at a high scientific and technical level, observing the requirements of instructions on the mode of work.

The information security engineer must know:

resolutions, orders, orders, methodological and regulatory materials on issues related to ensuring the technical protection of information; specialization of the enterprise and features of its activity; methods and means of obtaining, processing and transmitting information; scientific, technical and other specialized literature on the technical support of information security; technical means of information protection; software and mathematical means of information protection; the procedure for issuing technical documentation on information protection; channels of possible information leakage; methods of analysis and protection of information; organization of work on information protection; instructions for compliance with the regime of special work; domestic and Foreign experience in the field of technical intelligence and information protection; fundamentals of economics, organization of production, labor and management; fundamentals of labor legislation; labor protection rules and regulations.

Requirements for the qualification of an Information Security Engineer.

Higher vocational (technical) education without presenting requirements for work experience or secondary vocational (technical) education and work experience in the position of an information security technician of category I for at least 3 years or other positions occupied by specialists with secondary vocational education, not less than 5 years.

You can download the information security engineer job description for free. Job Responsibilities information security engineer I approve (Last name, initials) (name of the organization, its organizational - legal form) (director; other person authorized to approve the job description) 00.00.201_g. m.p. JOB INSTRUCTIONS FOR INFORMATION PROTECTION ENGINEER (name of institution) 00.00.201_g. No. 00 1. General provisions 1.1. This job description defines the job duties, rights and responsibilities of an information security engineer (hereinafter referred to as the "enterprise"). Name of institution 1.2.

Job description of an information security engineer

Full name) Structural unit: Information security department Position: Information security engineer 00.00.0000

  1. General provisions

This job description defines the functional duties, rights and responsibilities of an information security engineer. An information security engineer belongs to the category of specialists.

The information security engineer is appointed to the position and dismissed from the position in the established current labor law by order of the director of the enterprise on the proposal of the head of the information protection department. Relationships by position: 1.4.1 Direct subordination to the Head of the Information Protection Department 1.4.2.

Job Descriptions

Important

Carries out control over activities to ensure the security of information in key systems of the information infrastructure; informational, logistical and scientific and technical support of information security; monitoring the status of work to ensure information security in key systems of the information infrastructure and their compliance with regulatory legal acts Russian Federation. 2.6. Gives feedback and opinions on projects of newly created and modernized facilities and other developments on the issues of ensuring information security in key information infrastructure systems.


2.7. Participates in the review of technical specifications for research and development work to ensure the security of information in key information infrastructure systems, assesses their compliance with current regulatory and methodological documents. 2.8.
Participate in audits of the enterprise to comply with the requirements of regulatory and technical documentation on information security. 2.16. Prepare proposals for concluding contracts and signing agreements with other enterprises that provide services in the field of technical means of information security.
2.17.

Attention

Participate in the certification of premises, facilities, technical means, algorithms and programs for compliance with their information security requirements for the relevant security classes. 2.18. Draw up applications for equipment, necessary materials and devices. 2.19. Conduct control checks of the effectiveness and efficiency of existing technical means and information security systems.


2.20. Develop proposals aimed at improving the efficiency and improvement of the measures taken. 2.21. Compile and execute acts of control checks. 2.22.

Job description of an engineer for technical protection of information

Compiles calculation methods and experimental research programs for technical protection of information, performs calculations in accordance with the developed methods and programs. 2.5. Conducts a comparative analysis of research and test data, studies possible sources and channels of information leakage.
2.6.

Carries out the development of technical support for the information security system, maintenance of information security tools, takes part in the preparation of recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports. 2.7. Compiles information reviews on the technical protection of information.

Information security engineer

Appointment to the position of an information security engineer and dismissal from it is carried out by order of the head of the enterprise on the proposal of the head of the information security department. 1.4. An information security engineer must know: - resolutions, orders, orders, methodological and regulatory materials on issues related to ensuring the technical protection of information; - specialization of the enterprise, its divisions and features of their activities; — methods and means of obtaining, processing and transmitting information; — technical means of information protection; - software and mathematical means of information protection; – the procedure for issuing technical documentation on information security; – the procedure for using scientific and technical documentation, etc.

Information Security Engineer Job Description

Performs work on the design and implementation of special technical and software-mathematical means of information protection, ensuring organizational and engineering measures for protecting information, providing organizational and engineering measures for protecting information systems, conducts research in order to find and select the most appropriate practical solutions within assigned task. 2.2. Carries out the selection, study and generalization of scientific and technical literature, regulatory and methodological materials on technical means with information security methods. 2.3. Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation. 2.4.

Job Responsibilities of an Information Security Engineer

Receive official information necessary for the performance of their duties. 4. RESPONSIBILITIES The information security engineer is responsible for: 4.1.

For failure to perform or improper performance of their duties under this job description - in accordance with applicable labor laws. 4.2. For offenses committed during the period of its activities - in accordance with the current civil, administrative and criminal legislation.
4.3. For causing material damage - in accordance with applicable law. 5. CONDITIONS AND EVALUATION OF WORK 5.1. The work schedule of an information security engineer is determined in accordance with the internal labor regulations established by the Organization.
5.2.

Within the limits of his competence, inform his immediate supervisor about all shortcomings in the activities of the enterprise (structural divisions) identified in the course of the performance of official duties and make proposals for their elimination. 3.4. Request information and documents necessary for the performance of their duties from specialists of departments personally or on behalf of their immediate supervisor.

3.5. Involve specialists of all (individual) structural divisions to the solution of the duties assigned to him (if this is provided for by the regulations on structural divisions, if not, with the permission of the head of the enterprise). 3.6. Require from his immediate supervisor, the management of the enterprise to assist in the performance of his duties and rights. 3.7. . 4.
Conducts control checks of the operability and efficiency of existing systems and technical means of information protection, draws up and draws up acts of control checks and develops proposals for improving and increasing the effectiveness of the measures taken. 12. Study and summarize the experience of other organizations on the use of technical means and methods of protecting information in order to increase efficiency and improve work on its protection and the preservation of state secrets. thirteen.

Performs work on time at a high scientific and technical level, observing the requirements of instructions on the mode of work. III. Rights The Information Security Engineer has the right to: 1.

Get acquainted with the draft decisions of the management of the enterprise regarding its activities. 2.

Job description of an information security engineer sample

Perform calculations in accordance with the developed programs and methods. 2.7. Explore possible channels of information leakage. 2.8. To carry out the development of technical support for the information security system and maintenance of information security tools. 2.9. Analyze test and study data. 2.10. Participate in the preparation of proposals and recommendations for improving and increasing the efficiency of information protection. 2.11. Compile information reviews on the technical protection of information. 2.12.

Participate in the writing and design of sections of scientific and technical reports. 2.13. Perform operational tasks that are related to ensuring the control of technical means and mechanisms of the information security system.

2.14. Participate in the preparation of conclusions and reviews on technical documentation and regulatory and methodological materials.

Hospital Information Security Engineer Job Description

Performs work on the design and implementation of special technical and software-mathematical means of information protection, ensuring organizational and engineering measures for protecting information, providing organizational and engineering measures for protecting information systems, conducts research in order to find and select the most appropriate practical solutions within assigned task. 2. Carries out the selection, study and generalization of scientific and technical literature, regulatory and methodological materials on technical means and methods of information protection.

3. Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation. 4.

GENERAL PROVISIONS

1.1. This job description defines functional! duties, rights and responsibilities of an information security engineer.

1.2. An information security engineer is appointed and dismissed in accordance with the procedure established by the current labor legislation by order of the director of the enterprise.

1.3. The information security engineer reports directly to the head of the service information security(or the head of the SBP).

1.4. A person who has:

1.4.1. Qualification requirements - higher professional! (technical) education without presenting requirements for work experience or secondary vocational (technical) education and work experience ■ position of an information security technician of category I for at least 3 years or other positions filled by specialists with secondary vocational education for at least 5 years.

1.5. The information security engineer must know:

Decrees, orders, orders, methodological normative materials on issues related to ensuring the technical protection of information;

Specialization of the enterprise and features of its activity;

Methods and means of obtaining, processing and transmitting information;

Scientific, technical and other specialized literature on the technical support of information security;

Technical means of information protection;

Software-mathematical means of information protection;

The procedure for issuing technical documentation on information security;

Channels of possible information leakage;

Methods of analysis and protection of information;

Organization of work on information protection;

Instructions for compliance with the regime of special work;

Domestic and foreign experience in the field of technical intelligence and information protection;

Fundamentals of economics, organization of production, labor and management;

Basics of labor legislation;

Rules and norms of labor protection.

1.6. During the period of temporary absence of an information security engineer, his duties are assigned to __________________________________________________.

FUNCTIONAL RESPONSIBILITIES

2.1. Functional responsibilities Information Security Engineers are identified based on and to the extent qualification characteristic by the position of an information security engineer and can be supplemented, clarified in the preparation of the job description based on specific circumstances.

2.2. Information Security Engineer:

2.2.1. Performs work on the design and implementation of special technical and software-mathematical means of information protection, providing organizational and engineering measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within the task.



2.2.2. Carries out the selection, study and generalization of scientific and technical literature, regulatory and methodological materials on technical means and methods of information protection.

2.2.3. Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation.

2.2.4. Compiles calculation methods and programs for experimental research on the technical protection of information, performs calculations in accordance with the developed methods and programs.

2.2.5. Conducts a comparative analysis of research and test data, studies possible sources and channels of information leakage.

2.2.6. Carries out the development of technical support for the information security system, maintenance of information security tools, takes part in the preparation of recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports.

2.2.7. Compiles information reviews on the technical protection of information. Performs operational tasks related to ensuring the control of technical means and mechanisms of the information security system, participates in conducting inspections of institutions, organizations and enterprises to comply with the requirements of regulatory and technical documentation for information security, in preparing reviews and conclusions on regulatory and methodological materials and technical documentation.

2.2.8. Prepares proposals for concluding agreements and contracts with other institutions, organizations and enterprises providing services in the field of technical means of information security, draws up applications for the necessary materials, equipment, devices.



2.2.9. Participates in the certification of objects, premises, technical means, programs, algorithms for compliance with the requirements of information security for the relevant security classes.

2.2.10. Conducts control checks of the operability and efficiency of existing systems and technical means of information protection, draws up and draws up acts of control checks, analyzes the results of checks and develops proposals for improving and increasing the effectiveness of the measures taken.

2.2.11. It studies and summarizes the experience of other institutions, organizations and enterprises on the use of technical means and methods of protecting information in order to increase efficiency and improve work on its protection and the preservation of state secrets.

2.2.12. Performs work on time at a high scientific and technical level, observing the requirements of instructions on the mode of work.

RIGHTS

3.1. The information security engineer has the right to:

3.1.1. _____________________________________.

3.1.2. ____________________________________.

3.1.3. ____________________________________.

3.1.4. ____________________________________.

RESPONSIBILITY

4.1. The information security engineer is responsible for:

4.1.1. Failure to fulfill their functional duties.

4.1.2. Inaccurate information about the status of execution" of the received tasks and instructions, violation of the deadlines for their execution.

4.1.3. Failure to comply with orders, orders of the director of the enterprise, instructions and tasks of the head of the department.

4.1.4. Violation of the Internal Labor Regulations, fire safety and safety regulations established by NL enterprise.

WORKING CONDITIONS

5.1. The work schedule of an information security engineer is determined in accordance with the internal labor regulations established at the enterprise.

5.2. In connection with the production need, an information security engineer may be sent to business trips(including local importance).

I am familiar with the instruction: ________________________________ ________________

(signature) (full name)

"____"_________________________ __________G.

Similarly, job descriptions are drawn up and approved for other categories of GIS specialists.

test questions

1. List the activities performed by the information security service (ISS).

2. Who should be part of the ISS?

3. Name the list of main organizational technical measures carried out by employees of the SZI.

4. What are the main responsibilities of the head of the information security facility

5. What should an IPS officer do?

6. Using the job description of an information security engineer as an example, describe the four mandatory sections of such documents.

7. What should an information security engineer know?

Qualification

1. An information security engineer is assigned to the category of specialists

2. A person who has a higher professional (technical) education without any requirements for work experience or a secondary professional (technical) education and at least 3 years of experience in the position of an information security technician of category I for at least 3 years or other positions is appointed to the position of Information Security Engineer, replaced by specialists with secondary vocational education, at least 5 years.

3. An information security engineer must know:

  • resolutions, orders, orders, methodological and regulatory materials on issues related to ensuring the technical protection of information;
  • specialization of the enterprise and features of its activity;
  • methods and means of obtaining, processing and transmitting information;
  • scientific, technical and other specialized literature on the technical support of information security;
  • technical means of information protection;
  • software and mathematical means of information protection;
  • the procedure for issuing technical documentation on information protection;
  • channels of possible information leakage;
  • methods of analysis and protection of information;
  • organization of work on information protection;
  • instructions for compliance with the regime of special work;
  • domestic and foreign experience in the field of technical intelligence and information protection;
  • fundamentals of economics, organization of production, labor and management;
  • fundamentals of labor legislation;
  • labor protection rules and regulations.

Job Responsibilities

1. The functional responsibilities of the Information Security Engineer are determined on the basis and to the extent of the qualification characteristics for the position of Information Security Engineer and can be supplemented, clarified when preparing the job description based on specific circumstances.

2. Information security engineer:

  • Performs work on the design and implementation of special technical and software-mathematical means of information protection, providing organizational and engineering measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within the task.
  • Carries out the selection, study and generalization of scientific and technical literature, regulatory and methodological materials on technical means and methods of information protection.
  • Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation.
  • Compiles calculation methods and programs for experimental research on the technical protection of information, performs calculations in accordance with the developed methods and programs.
  • Conducts a comparative analysis of research and test data, studies possible sources and channels of information leakage.
  • Carries out the development of technical support for the information security system, maintenance of information security tools, takes part in the preparation of recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports.
  • Compiles information reviews on the technical protection of information. Performs operational tasks related to ensuring the control of technical means and mechanisms of the information security system, participates in conducting inspections of institutions, organizations and enterprises to comply with the requirements of regulatory and technical documentation for information security, in preparing reviews and conclusions on regulatory and methodological materials and technical documentation.
  • Prepares proposals for concluding agreements and contracts with other institutions, organizations and enterprises providing services in the field of technical means of information security, draws up applications for the necessary materials, equipment, devices.
  • Participates in the certification of objects, premises, technical means, programs, algorithms for compliance with the requirements of information security for the relevant security classes.
  • Conducts control checks of the operability and efficiency of existing systems and technical means of information protection, draws up and draws up acts of control checks, analyzes the results of checks and develops proposals for improving and increasing the effectiveness of measures taken.
  • It studies and summarizes the experience of other institutions, organizations and enterprises on the use of technical means and methods of protecting information in order to increase efficiency and improve work on its protection and the preservation of state secrets.
  • Performs work on time at a high scientific and technical level, observing the requirements of instructions on the mode of work.

Rights

1. An information security engineer has the right to give instructions to subordinate employees and services, tasks on a range of issues included in his functional duties.

2. An information security engineer has the right to control the fulfillment of production tasks, the timely execution of individual orders by his subordinate services and divisions.

We bring to your attention a typical example of a job description for an information security engineer, a sample of 2019/2020. A person who has a higher professional (technical) education without presenting requirements for work experience or secondary professional (technical) education and work experience in the position of an information security technician of category I for at least 3 years or other positions filled by specialists with secondary vocational education, not less than 5 years. Do not forget, each instruction of an information security engineer is issued on hand against receipt.

It provides typical information about the knowledge that an information security engineer should have. About duties, rights and responsibilities.

This material is included in the huge library of our site, which is updated daily.

1. General Provisions

1. An information security engineer belongs to the category of specialists.

2. An information security engineer accepts a person who has a higher professional (technical) education without presenting requirements for work experience or secondary vocational (technical) education and work experience in the position of an information security technician of category I for at least 3 years or other positions filled by specialists with secondary vocational education, not less than 5 years.

3. An information security engineer is hired and dismissed by ___________ of the organization (director, head) on the proposal of _________. (position)

4. An information security engineer must know:

- resolutions, orders, orders, methodological and regulatory materials on issues related to ensuring the technical protection of information;

- specialization of the enterprise and features of its activities;

— methods and means of obtaining, processing and transmitting information;

— scientific, technical and other specialized literature on the technical support of information security;

— technical means of information protection;

- software and mathematical means of information protection;

– the procedure for issuing technical documentation on information security;

- channels of possible information leakage;

— methods of analysis and protection of information;

— organization of work on information protection;

- instructions for compliance with the regime of special work;

— domestic and foreign experience in the field of technical intelligence and information protection;

— fundamentals of economics, organization of production, labor and management;

— basics of labor legislation;

- Rules and norms of labor protection.

5. In his work, the information security engineer is guided by:

- the legislation of the Russian Federation,

- Charter (regulations) of the organization,

- orders and instructions of __________ organization, ( CEO, director, leader)

- this job description,

— Rules of internal labor regulations of the organization.

6. Information security engineer reports directly to: __________. (position)

7. During the absence of an information security engineer (business trip, vacation, illness, etc.), his duties are performed by a person appointed by __________ (position) of the organization in the prescribed manner, who acquires the appropriate rights, duties and is responsible for the performance of his duties.

2. Job responsibilities of an information security engineer

Information Security Engineer:

1. Performs work on the design and implementation of special technical and software-mathematical means of information protection, ensuring organizational and engineering measures for the protection of information systems, conducts research in order to find and select the most appropriate practical solutions within the task.

2. Carries out the selection, study and generalization of scientific and technical literature, regulatory and methodological materials on technical means and methods of information protection.

3. Participates in the review of draft technical specifications, plans and schedules for the technical protection of information, in the development of the necessary technical documentation.

4. Compiles calculation methods and programs for experimental research on the technical protection of information, performs calculations in accordance with the developed methods and programs.

5. Conducts a comparative analysis of research and test data, studies possible sources and channels of information leakage.

6. Carries out the development of technical support for the information security system, maintenance of information security tools, takes part in the preparation of recommendations and proposals for improving and increasing the efficiency of information security, in writing and designing sections of scientific and technical reports.

7. Compiles information reviews on the technical protection of information.

8. Performs operational tasks related to ensuring the control of technical means and mechanisms of the information security system, participates in audits of institutions, organizations and enterprises to comply with the requirements of regulatory and technical documentation for information security, in the preparation of reviews and conclusions on regulatory and methodological materials and technical documentation.

9. Prepares proposals for concluding agreements and contracts with other institutions, organizations and enterprises providing services in the field of technical means of information security, draws up applications for the necessary materials, equipment, devices.

10. Participates in the certification of objects, premises, technical means, programs, algorithms for compliance with the requirements of information security for the relevant security classes.

11. Carries out control checks of the operability and efficiency of existing systems and technical means of information protection, draws up and draws up acts of control checks, analyzes the results of checks and develops proposals for improving and increasing the effectiveness of the measures taken.

12. Study and generalize the experience of other institutions, organizations and enterprises on the use of technical means and methods of protecting information in order to increase the efficiency and improve work on its protection and the preservation of state secrets.

13. Performs work in a timely manner at a high scientific and technical level, observing the requirements of instructions on the mode of work.

3. Rights of the Information Security Engineer

The information security engineer has the right to:

1. Submit proposals for management consideration:

– to improve the work related to the provisions of this responsibilities,

- on the promotion of distinguished employees subordinate to him,

- on bringing to material and disciplinary responsibility of employees who violated production and labor discipline.

2. Request from structural divisions and employees of the organization the information necessary for him to perform his duties.

3. Get acquainted with the documents that define his rights and obligations in his position, the criteria for assessing the quality of performance of official duties.

4. Get acquainted with the draft decisions of the organization's management regarding its activities.

5. Require the management of the organization to provide assistance, including the provision of organizational and technical conditions and execution of the established documents necessary for the performance of official duties.

6. Other rights established by the current labor legislation.

4. Responsibility of the Information Security Engineer

The information security engineer is responsible for the following:

1. For improper performance or non-performance of their official duties provided for by this job description - within the limits established by the labor legislation of the Russian Federation.

2. For offenses committed in the course of their activities - within the limits established by the current administrative, criminal and civil legislation of the Russian Federation.

3. For causing material damage to the organization - within the limits established by the current labor and civil legislation of the Russian Federation.

Job description information security engineer - sample 2019/2020. Job responsibilities of an information security engineer, rights of an information security engineer, responsibility of an information security engineer.

Interesting articles

Interesting articles

© imht.ru, 2022
Business processes. Investments. Motivation. Planning. Implementation