How to implement ISO 27001: instructions for use

Today, corporate information security (hereinafter simply "information security") is one of the most pressing issues in the world. This is not surprising: in many countries the requirements placed on organizations that store and process personal data are being tightened. At the same time, Russian legislation still requires a significant part of document workflow to be kept in paper form, while the trend toward digitization is obvious: many companies already hold large volumes of confidential information both in digital form and in paper documents.

According to a survey by the Anti-Malware Analytical Centre, 86% of respondents reported that at least once during the year they had to handle incidents following a cyberattack or resulting from users violating established rules. Against this background, making information security a business priority has become a necessity.

Today a company's information security is no longer just a set of technical tools such as antivirus or a firewall; it is an integrated approach to managing the company's assets in general and its information in particular. Companies approach these problems differently. Here we would like to discuss implementation of the international standard ISO 27001 as a solution to this problem. For companies on the Russian market, holding such a certificate simplifies working with foreign customers and partners who have high requirements in this area. ISO 27001 is widely adopted in the West; it sets out requirements for information security that the technical solutions in use must cover, and it also contributes to the development of business processes. The standard can therefore become a competitive advantage and a common language when dealing with foreign companies.

This standard for Information Security Management Systems (hereinafter "ISMS") collects best practices for designing an ISMS and, importantly, lets you choose the management tools that ensure the system functions, the requirements for technical security support, and even the requirements for the company's personnel management process. After all, technical failures are only part of the problem. In information security the human factor plays a huge role, and it is much harder to eliminate or minimize.

If your company is aiming for ISO 27001 certification, you may already have looked for an easy way to get there. We have to disappoint you: there are no easy ways. There are, however, specific steps that will help prepare an organization for the international information security requirements:

1. Get management support

This may seem obvious, but in practice the point is often neglected. In fact, it is one of the main reasons ISO 27001 implementation projects fail. Without understanding the importance of the implementation project, management will not provide enough staff or an adequate budget for certification.

2. Develop a certification preparation plan

Preparing for ISO 27001 certification is a complex undertaking that involves many different kinds of work, requires the participation of a large number of people, and can take many months (or years). It is therefore essential to draw up a detailed project plan: allocate resources, time and people to strictly defined tasks and track adherence to the deadlines you set; otherwise you will never finish.

3. Define the scope of certification

If you have a large organization with diverse activities, it may make sense to certify only part of the company's business to ISO 27001. This significantly reduces the project's risk, as well as its duration and cost.

4. Develop an information security policy

One of the most important documents is the company's Information Security Policy. It should state your company's information security objectives and the basic principles of information security management that all employees must follow. The purpose of the document is to define what the company's management wants to achieve in information security, and how this will be implemented and controlled.

5. Define the risk assessment methodology

One of the hardest tasks is defining the rules for risk assessment and risk management. You need to establish which risks the company can accept and which require immediate action to reduce them. Without these rules the ISMS will not work.

At the same time, keep the adequacy of the risk reduction measures in mind. Do not get carried away with the improvement process: some measures involve large time or financial costs, or may simply be impossible. We recommend applying the principle of "minimum sufficiency" when developing risk reduction measures.

6. Manage risks according to the approved methodology

The next step is consistent application of the risk management methodology, that is, assessing and treating the risks. This process must be carried out regularly and with great care. By keeping the information security risk register up to date, you will be able to allocate the company's resources effectively and prevent serious incidents.

7. Plan risk treatment

Risks that exceed the level acceptable to your company must be included in the risk treatment plan. It should record the actions aimed at reducing each risk, along with the people responsible for them and the deadlines.

8. Complete the Statement of Applicability

This is a key document that the certification body's experts will examine during the audit. It should state which information security controls apply to your company's activities (and which do not, with justification).

9. Determine how the effectiveness of information security controls will be measured

Every action must produce a result that contributes to meeting the established objectives. It is therefore important to define clearly the parameters by which achievement of objectives will be measured, both for the information security management system as a whole and for each control selected in the Statement of Applicability.

10. Implement the information security controls

Only after completing all the previous steps should you start implementing the applicable information security controls from the Statement of Applicability. The biggest challenge here, of course, is introducing a completely new way of doing things into many of your organization's processes. People usually resist new policies and procedures, so pay attention to the next point.

11. Implement employee training programs

Everything described above is meaningless if your employees do not understand the importance of the project and do not act in accordance with the information security policies. If you want staff to comply with all the new rules, first explain to them why the rules are necessary, and then provide training on the ISMS, highlighting the key policies employees must take into account in their daily work. Lack of staff training is a common reason ISO 27001 projects fail.

12. Maintain the ISMS processes

At this point ISO 27001 becomes part of your organization's daily routine. To confirm that the information security controls are implemented in accordance with the standard, the auditors will ask for records as evidence that the controls actually operate. Above all, though, the records should help you track whether your employees (and suppliers) are performing their tasks according to the approved rules.

13. Monitor your ISMS

What is happening in your ISMS? How many incidents do you have, and of what kind? Are all procedures being followed properly? With these questions you should check whether the company is meeting its information security objectives. If it is not, you must draw up a plan to correct the situation.

14. Conduct an internal ISMS audit

The purpose of the internal audit is to identify discrepancies between the company's actual processes and the approved information security policies. Mostly it comes down to seeing how well your employees follow the rules. This is a very important point, because if you do not control the work of your employees, the organization can be harmed (intentionally or unintentionally). The goal, however, is not to find culprits and discipline them for non-compliance with policies, but to correct the situation and prevent future problems.

15. Organize a management review

Management does not have to configure your firewall, but it must know what is happening in the ISMS: for example, whether everyone is fulfilling their responsibilities and whether the ISMS is achieving its intended results. On this basis, management must make the key decisions about improving the ISMS and the internal business processes.

16. Introduce a process for corrective and preventive actions

Like any management-system standard, ISO 27001 requires "continual improvement": systematic correction and prevention of nonconformities in the information security management system. Through corrective and preventive actions, nonconformities are fixed and kept from recurring. (Note that the 2013 revision of the standard no longer has a separate "preventive action" clause; prevention is expected to come out of the risk assessment process, while the explicit requirement covers nonconformity and corrective action.)

In conclusion, I would like to say that in reality obtaining certification is much harder than various sources describe. This is borne out by the fact that in Russia today only 78 companies have been certified as compliant. At the same time, it is one of the most popular standards abroad, meeting the growing business requirements in information security. The demand for implementation is driven not only by the growth and complexity of threats, but also by legal requirements and by customers who want the confidentiality of their data fully protected.

Although ISMS certification is not an easy task, the very fact of meeting the requirements of the international standard ISO/IEC 27001 can provide a significant competitive advantage on the global market. We hope this article has given an initial understanding of the key stages in preparing a company for certification.

source: www.habr.com
