How can companies protect themselves from information threats?

To ensure information security (IS), a company first needs to decide what needs to be done, and only then how. Without this understanding, any systems it acquires and implements will be no more than a waste of money. A well-timed information security policy, the writing of which must be taken seriously, helps establish exactly what needs to be done.

What is an information security policy?
Research by SearchInform shows that a little over a third of companies in the post-Soviet space today can boast of a professionally developed information security policy. At the same time, a tenth of companies do not bother to ask at all how and why they should protect their data. A simple conclusion follows from these statistics: the development of an information security policy (and, of course, its implementation in the practice of a company) gives the organization a competitive advantage.

The main principle is maximum accuracy and detail.
There is no need to be afraid of describing the information security policy in what seems like excessive detail: the document is needed not as a means of briefing specific employees, but as a “body of laws” for specialists. Based on it, the personnel responsible for information security can then develop job descriptions for individual employees, as well as the other documents needed to implement the policy's provisions.

The corporate information security policy must identify all possible user roles within the corporate information network, so that data protection classes and access permissions for specific categories of users can be determined from these roles. By the nature of their work, the accounting department needs one kind of information, the sales department another, and the marketing department a third. All of this must be reflected in the corporate information security policy.

First step: find out who uses what information
The first thing to do when creating a security policy is to determine which employees can use which types of information. Any use of data outside the roles and access rights specified in the information security policy should be possible only with the approval of the information security department, and only if the user justifies the need for such access.

At the same time, roles and access rights often form a complex multi-level structure. There is nothing wrong with this, but an overly fine-grained classification is not worthwhile even in a large organization: excessive “splitting” of roles and a growing number of levels make the policy confusing and hard to apply in everyday security practice.

Second step: state who is threatening the data

Threats in the IS policy are most often formulated as risks. To do this, the probability that a particular threat will be realized is calculated using certified methods, and the risk value is then calculated from the significance of the damage and that probability. For threats whose risk is below the threshold (which is determined individually for each organization), it does not make sense to take protective measures, since the protection would cost much more than the incidents that occur. For “regime” enterprises, however, the threshold level of risk is usually so low that they have to defend themselves against even the most insignificant threats.

The information security policy must also have a section that describes not only the rules, but also the technical solutions used to protect against specific threats. Of course, there is no need to go as far as naming specific versions of particular software or hardware-software solutions, so that the policy does not have to be updated too often. Nevertheless, the general requirements for the information security tools in use, and the classes of such systems, should be present in the information security policy.

When composing an information security policy, it is also necessary to remember that it must cover not only the confidentiality of information, but also its integrity, authenticity, and availability.
