Services
Managed IT
Solutions
Security
Partners
About Us

Information security

Information security (IS) is a set of techniques and practices to protect information from external and internal influences on the object of informatization.

The main purpose of IS is to protect information and the infrastructure that processes it from loss or leakage of data to third parties.

The creation of an IS system at an informatization object is based on three principles.

[text_with_btn btn=”SUBJECT” link=”https://itglobal.com/ru-ru/services/info-security/” btn_size=”normal”]Information Security[/text_with_btn]

Principles

. The first principle is confidentiality. Access to data is granted under the “minimum necessary awareness” rule. In other words, the user should only have the right to access that part of the information that he or she needs to perform his or her job duties.

One of the methods of fulfilling this principle is ranking (categorization) of data. For example, within an organization, information is divided into 3 types: public, internal and strictly confidential.

The second principle is integrity. Information must be protected from change or distortion. It must be stored, processed and transmitted through reliable communication channels.

To ensure integrity at the level of users use the rule of “separation of powers”, that is, any change is made by one user, and confirmation or denial – by another. Any operations in the information system must be logged.

The third principle is accessibility. This means that information should be available to the user as needed. The ideal variant is 24*7*365.

This point includes not only the human factor, but also the natural factor (e.g., tsunami or hurricane). The information system must provide availability under all conditions.

Means

. The following are used as means of information protection:

  1. Legal. At the object of informatization develop special documents that are guided to ensure IS. The main one is the IS policy, on the basis of which the protection is built.
  3. Organizational. They include employee workplaces (computers, UPS, etc.), data centers (switching, data storage systems, computing power, etc.), redundancy (creation of redundant communication channels, data backup).
  4. Organizational.
  5. Software. Software that helps to control the actions of employees, store information, provide reliable access to data.
  7. Technical. Specialized equipment that protects information from leakage or hacking. For example, encryption, two-step authentication procedure, virtual work environments, etc.
  8. Additional.

Ensuring information security in a company is an integrated approach to building a reliable and fault-tolerant system. The above items are recommended for implementation at any informatization object.