5 stages of the inevitability of ISO/IEC 27001 certification. Depression

The fourth stage of the emotional response to change is depression. In this article we will tell you about our experience of getting through this unpleasant stage - about the changes to the company's business processes that were made in order to comply with the ISO 27001 standard.

Expectations

The first question we asked ourselves after choosing the certification body and the consultant was how much time we would actually need to make all the necessary changes.

The initial work plan was laid out so that we were to finish within three months.

Everything looked simple: we needed to write a number of policies and slightly change our internal processes, then train colleagues on the changes and wait another 3 months (so that "records" would appear, that is, evidence that the policies were working). It seemed that this was all - and the certificate was in our pocket.

Besides, we were not going to write the policies from scratch - after all, we had a consultant who, as we thought, was supposed to give us all the "right" templates.

As a result of this conclusion, we allocated three days to prepare each policy.

The technical changes did not look complicated either: we needed to set up the collection and storage of events, check whether the backups complied with the policy we had written, re-equip offices with access control systems where necessary, and deal with a few other small things.

The team preparing everything required for certification consisted of two people. We planned that they would take part in the implementation in parallel with their main duties, and that this would take each of them at most 1.5-2 hours a day.

To sum up, our view of the upcoming scope of work was optimistic.

Reality

In reality, everything turned out quite differently: the policy templates provided by the consultant proved to be largely inapplicable to our company, and there was no clear information on the Internet about what to do and how. As you can imagine, the plan to "write one policy in three days" failed miserably. So we stopped meeting deadlines from the very beginning of the project, and our mood began to sink little by little.

The team's expertise was catastrophically small - so small that it was not even enough to ask the consultant the right questions (and the consultant, by the way, did not show much initiative). Things began to move even more slowly, because three months after the start of the implementation (that is, at the point when everything should have been ready), one of the two participants left the team. That person was replaced by a new head of the IT service, who had to quickly complete the implementation process and provide the information security management system with everything it needed from a technical point of view. The task looked difficult... Those in charge began to get depressed.

In addition, the technical side of the matter also turned out to have its "nuances". We faced the task of a global software upgrade on workstations and on server equipment. While we were setting up the system for collecting events (logs), it turned out that we did not have enough hardware resources for the system to run normally. The backup software also needed to be upgraded.

Spoiler: As a result, the ISMS was heroically implemented in six months. And nobody died!

What changed the most?

Of course, a large number of small changes took place in the company's processes while the standard was being implemented. We have highlighted the most significant changes for you:

  • Formalization of the risk assessment process

Previously, the company had no formal risk assessment procedure - it was done only in passing, as part of overall planning. One of the most important tasks solved as part of certification was the introduction of the company's Risk Assessment Policy, which describes all the stages of this process and the people responsible for each stage.

  • Control over removable storage media

One of the significant risks for the business was the use of unencrypted USB flash drives: in fact, any employee could write any information available to them to a flash drive and, at best, lose it. As part of certification, the ability to download any information to flash drives was disabled on all employee workstations - writing information became possible only through a request to the IT department.

  • Superuser control

One of the main problems was the fact that all employees of the IT department had full rights in all of the company's systems - they had access to all information. At the same time, nobody actually controlled them.

We implemented a Data Loss Prevention (DLP) system - a system for monitoring employee actions that analyzes, blocks and alerts about dangerous and unproductive activity. Notifications about the actions of IT department employees are now sent to the email address of the company's Operations Director.

  • Approach to organizing the information infrastructure

Certification required global changes and new approaches. Yes, we had to upgrade a number of pieces of server equipment because of the increased load. In particular, we dedicated a separate server to the event collection systems. The server was equipped with large and fast SSD drives. We abandoned the backup software and opted for storage systems that have all the necessary functionality out of the box. We took several big steps toward the "infrastructure as code" concept, which allowed us to save a lot of disk space by no longer backing up a number of servers. In the shortest possible time (1 week), all software on the workstations was upgraded to Win10. One of the issues the modernization solved was the ability to enable encryption (in the Pro version).

  • Control over paper documents

The company had significant risks associated with the use of paper documents: they could be lost, left in the wrong place, or improperly destroyed. To reduce this risk, we labeled all paper documents according to their level of confidentiality and developed a procedure for destroying the different types of documents. Now, when an employee opens a folder or picks up a document, they know exactly which category the information falls into and how to handle it.

  • Renting a backup data center

Previously, all company information was stored on servers located in a secure third-party data center. However, there were no emergency procedures in place for this data center. The solution was to rent a backup cloud data center and back up the most important information there. The company's information is now stored in two geographically remote data centers, which reduces the risk of losing it.

  • Business continuity testing

Our company has had a Business Continuity Policy (BCP) in place for several years. It describes what employees should do in various adverse situations (loss of access to the office, an epidemic, a power outage, and so on). However, we had never carried out continuity testing - that is, we had never measured how long it would take to restore the business in each of these situations. In preparing for the certification audit, we not only did this, but also developed a business continuity testing plan for the coming year. It is worth noting that a year later, when we faced the need to switch completely to remote work, we completed that task in three days.

It is important to note that every company preparing for certification has different starting conditions - so in your case completely different changes may be needed.

Employee reactions to change

Surprisingly - and here we expected the worst - it turned out not so bad. It cannot be said that colleagues received the news of certification with great enthusiasm, but the following was clear:

  • All key employees understood the importance and inevitability of this event;
  • All other employees looked to the key employees.

Of course, the specifics of our industry helped us a lot - outsourcing of accounting functions. The vast majority of our employees cope well with the constant changes in Russian legislation. Accordingly, the introduction of twenty new rules that now had to be followed was nothing out of the ordinary for them.

We prepared new mandatory ISO 27001 training and testing for all our employees. Everyone obediently removed the sticky notes with passwords from their monitors and cleared desks that had been piled with documents. No major dissatisfaction was observed - in general, we were lucky with our employees.

Thus, we passed the painful stage - "depression" - associated with changing our business processes. It was hard and difficult, but the result in the end exceeded all our expectations.

Read the previous articles in the series:

5 stages of the inevitability of ISO/IEC 27001 certification. Denial: misconceptions about ISO 27001:2013 certification, the rationale for obtaining a certificate.

5 stages of the inevitability of ISO/IEC 27001 certification. Anger: Where do I start? Initial data. Expenses. Choosing a provider.

5 stages of the inevitability of ISO/IEC 27001 certification. Bargaining: preparing an implementation plan, risk assessment, writing policies.

5 stages of the inevitability of ISO/IEC 27001 certification. Depression.

5 stages of the inevitability of ISO/IEC 27001 certification. Adoption.

Source: www.habr.com