How to implement ISO 27001: instructions for use


Today, the issue of corporate information security (hereinafter IS) is one of the most pressing in the world. This is not surprising, because many countries are tightening the requirements for organizations that store and process personal data. At present, Russian legislation requires that a significant share of document flow be kept on paper. At the same time, the trend toward digitalization is noticeable: many companies already store a large amount of confidential information both in digital form and as paper documents.

According to the results of a survey by the Anti-Malware Analytical Center, 86% of respondents said that during the year they had to resolve incidents at least once after cyberattacks or as a result of users violating established rules. For this reason, giving information security priority attention in business has become a necessity.

At present, corporate information security is not just a set of technical tools, such as antivirus software or firewalls; it is a comprehensive approach to handling the company's assets in general and information in particular. Companies approach these problems in different ways. Today we would like to talk about implementing the international standard ISO 27001 as a solution to such a problem. For companies on the Russian market, having such a certificate simplifies interaction with foreign clients and partners who have high requirements in this area. ISO 27001 is widely used in the West and covers information security requirements that must be met by the technical solutions in use, and it also supports building business processes. Thus, this standard can become your competitive advantage and a point of contact with foreign companies.
This Information Security Management System (hereinafter ISMS) certification has collected the best practices for designing an ISMS and, importantly, provides the option of choosing controls to ensure the functioning of the system, the requirements for technological security, and even the process of managing personnel in the company. After all, it is important to understand that technical failures are only part of the problem. In information security matters, a major role is played by the human factor, which is much harder to eliminate or minimize.

If your company is about to be certified to ISO 27001, then you have probably already tried to find an easy way to do it. We will disappoint you: there are no easy ways here. However, there are certain steps that will help prepare an organization to meet international information security requirements:

1. Get support from management

You may think this is obvious, but in practice this point is often overlooked. Moreover, it is one of the main reasons why ISO 27001 implementation projects often fail. Without understanding the importance of the project to implement the standard, management will not provide sufficient human resources or a sufficient budget for certification.

2. Develop a certification preparation plan

Preparing for ISO 27001 certification is a complex task that includes various types of work, requires the involvement of a large number of people, and can take many months (or even years). Therefore, it is very important to create a detailed project plan: allocate resources, time and people's involvement to strictly defined tasks, and monitor adherence to deadlines. Otherwise you may never finish the work.

3. Define the certification perimeter

If you have a large organization with diverse activities, it probably makes sense to certify only part of the company's business to ISO 27001, which will reduce the risks of your project, as well as its duration and cost.

4. Develop an information security policy

One of the most important documents is the company's Information Security Policy. It should reflect your company's information security objectives and the basic rules of information security that all employees must follow. The purpose of this document is to define what the company's management wants to achieve in the area of information security, as well as how this will be implemented and controlled.

5. Define a risk assessment methodology

One of the most difficult tasks is defining the rules for assessing and managing risks. It is important to understand which risks the company can consider acceptable and which require action to reduce them. Without these rules, the ISMS will not work.
At the same time, it is worth keeping in mind the adequacy of the measures designed to reduce risks. But you should not get too carried away with optimization, because it entails, among other things, significant time or financial costs, or may simply be impossible. We recommend that you use the principle of "minimum sufficiency" when developing risk reduction measures.

6. Manage risks according to the approved methodology

The next step is the consistent application of the risk management methodology, that is, the assessment and treatment of risks. This process must be carried out regularly and with great care. By keeping the information security risk register up to date, you will be able to allocate company resources effectively and prevent serious incidents.

7. Plan your risk treatment

Risks that exceed the level acceptable for your company must be included in the risk treatment plan. It should record the actions aimed at reducing the risks, as well as the people responsible for those actions and the deadlines.

8. Complete the Statement of Applicability

This is a key document that will be examined by the certification body during the audit. It should describe which information security controls are applicable to your company's activities.

9. Determine how the effectiveness of information security controls will be measured

Every action must have a result that leads to the fulfilment of the established objectives. Therefore, it is important to clearly define the parameters by which the achievement of objectives will be measured, both for the entire information security management system and for each selected control from the Applicability Annex.

10. Implement the information security controls

Only after completing all the previous steps should you begin implementing the applicable information security controls from the Applicability Appendix. The biggest challenge here, of course, will be introducing a new way of doing things in many of your organization's processes. People tend to resist new policies and procedures, so pay attention to the next point.

11. Implement employee training programs

All of the points described above will be meaningless if your employees do not understand the importance of the project and do not act in accordance with the information security policies. If you want your staff to follow all the new rules, you first need to explain to people why they are necessary, and then provide training on the ISMS, highlighting all the important policies that employees must take into account in their daily work. Lack of staff training is a common reason why an ISO 27001 project fails.

12. Maintain the ISMS processes

At this point, ISO 27001 becomes a daily routine in your organization. To confirm that information security controls are implemented in accordance with the standard, auditors will need to be given records: evidence that the controls actually operate. But above all, the records should help you track whether your employees (and suppliers) perform their tasks in accordance with the approved rules.

13. Monitor your ISMS

What is happening with your ISMS? How many incidents do you have, and of what kind? Are all procedures being followed properly? With these questions, you should check whether the company is meeting its information security objectives. If not, you must develop a plan to correct the situation.

14. Conduct an internal ISMS audit

The purpose of an internal audit is to identify inconsistencies between the company's actual processes and its approved information security policies. For the most part, it is a check of how well your employees follow the rules. This is a very important point, because if you do not control the work of your personnel, the organization may suffer damage (intentional or unintentional). But the aim here is not to find the culprits and impose disciplinary penalties on them for non-compliance with policies, but to correct the situation and prevent future problems.

15. Organize a management review

Management should not be configuring your firewall, but it must know what is happening in the ISMS: for example, whether everyone is fulfilling their responsibilities and whether the ISMS is achieving its target results. Based on this, management must make the key decisions on improving the ISMS and internal business processes.

16. Introduce a system of corrective and preventive actions

Like any standard, ISO 27001 requires "continuous improvement": the systematic correction and prevention of nonconformities in the information security management system. Corrective and preventive actions can fix a nonconformity and prevent its recurrence in the future.

In conclusion, I would like to say that in reality getting certified is much more difficult than various sources describe. Confirmation of this is the fact that in Russia today only 78 companies have been certified for compliance. At the same time, abroad it is one of the most popular standards that meets the demands of business in the field of information security. This demand is driven not only by the growth and complexity of the types of threats, but also by legislative requirements, as well as by clients who need to keep their data confidential.

Although ISMS certification is not an easy task, simply meeting the requirements of ISO/IEC 27001 can give a competitive advantage in the global market. We hope that our article has provided an initial understanding of the key stages of preparing a company for certification.

Source: www.habr.com
