How to implement ISO 27001: instructions for use

Today, the information security of companies is one of the most pressing issues in the world. This is not surprising, since in many countries the requirements for organizations that store and process personal data are being tightened. Currently, Russian legislation requires a significant portion of document flow to be kept in paper form. At the same time, a trend towards digitalization is noticeable: many companies already store a large amount of confidential information both in digital format and as paper documents.

According to the results of a survey by the Anti-Malware analytical center, 86% of respondents noted that during the year they had to resolve incidents at least once after cyberattacks or as a result of users violating established regulations. In this regard, prioritizing information security in business has become a necessity.

Today, corporate information security is not just a set of technical measures such as antivirus software or firewalls; it is an integrated approach to managing the company's assets in general and information in particular. Companies approach these problems in different ways. Today we would like to talk about implementing the international standard ISO 27001 as a solution to this problem. For companies on the Russian market, having such a certificate simplifies interaction with foreign customers and partners who have high requirements in this area. ISO 27001 is widely used in the West and covers information security requirements that should be met by the technical solutions in use and that also contribute to the development of business processes. Thus, this standard can become your competitive advantage and a point of contact with foreign companies.
This certification of the Information Security Management System (hereinafter ISMS) has collected the best practices for designing an ISMS and, importantly, provides the option to choose controls that ensure the system functions, covering requirements for technical security support and even for the personnel management process in the company. After all, it must be understood that technical failures are only part of the problem. In information security matters the human factor plays a huge role, and it is much harder to eliminate or minimize.

If your company is looking to obtain ISO 27001 certification, you may have already tried to find an easy way to do it. We have to disappoint you: there are no easy ways here. However, there are certain steps that will help prepare the organization for international information security requirements:

1. Get management support

You might think this is obvious, but in practice this point is often overlooked. Moreover, it is one of the main reasons why ISO 27001 implementation projects often fail. Without understanding the importance of the implementation project, management will not provide enough human resources or a sufficient budget for certification.

2. Develop a certification preparation plan

Preparing for ISO 27001 certification is a complex task that involves many kinds of work, requires the involvement of a large number of people, and can take many months (or even years). It is therefore very important to create a detailed project plan: allocate resources, time and people to strictly defined tasks and monitor compliance with deadlines; otherwise you may never finish the work.

3. Define the certification perimeter

If you have a large organization with diverse activities, it may make sense to certify only part of the company's business to ISO 27001, which will significantly reduce your project's risks, as well as its time and cost.

4. Develop an information security policy

One of the most important documents is the company's Information Security Policy. It should reflect your company's information security objectives and the basic principles of information security management, which must be followed by all employees. The purpose of this document is to determine what the company's management wants to achieve in the field of information security, and how this will be implemented and controlled.

5. Define a risk assessment methodology

One of the most difficult tasks is defining the rules for risk assessment and management. It is important to understand which risks the company can consider acceptable and which require immediate action to reduce them. Without these rules, the ISMS will not work.
At the same time, it is worth remembering that the measures taken to reduce risks should be adequate. But you should not get too carried away with the optimization process, because it also entails large time or financial costs, or may simply be impossible. We recommend that you use the principle of "minimum sufficiency" when developing risk mitigation measures.

6. Manage risks according to the approved methodology

The next stage is the consistent application of the risk management methodology, that is, the assessment and treatment of risks. This process must be carried out regularly and with great care. By keeping the information security risk register up to date, you will be able to allocate company resources effectively and prevent serious incidents.

7. Plan risk treatment

Risks that exceed the acceptable level for your company must be included in the risk treatment plan. It should record the actions aimed at reducing the risks, as well as the persons responsible for them and the deadlines.

8. Complete the Statement of Applicability

This is a key document that will be examined by specialists from the certification body during the audit. It should describe which information security controls apply to your company's activities.

9. Determine how the effectiveness of information security controls will be measured

Any action must have a result that leads to the fulfillment of the established objectives. It is therefore important to define clearly by which parameters the achievement of objectives will be measured, both for the information security management system as a whole and for each selected control from the Statement of Applicability.

10. Implement information security controls

Only after completing all the previous steps should you begin implementing the applicable information security controls from the Statement of Applicability. The biggest challenge here, of course, will be introducing an entirely new way of doing things across all of your organization's processes. People tend to resist new policies and procedures, so pay attention to the next point.

11. Implement employee training programs

All the points described above will be meaningless if your employees do not understand the importance of the project and do not act in accordance with information security policies. If you want your staff to comply with all the new rules, you first need to explain to people why they are necessary, and then provide training on the ISMS, highlighting all the important policies that employees must take into account in their daily work. Lack of staff training is a common reason for the failure of an ISO 27001 project.

12. Maintain ISMS processes

At this point, ISO 27001 becomes a daily routine in your organization. To confirm that information security controls are implemented in accordance with the standard, auditors will need to be provided with records: evidence of the actual operation of the controls. But above all, records should help you track whether your employees (and suppliers) perform their tasks in accordance with the approved rules.

13. Monitor your ISMS

What is happening with your ISMS? How many incidents do you have, and of what kind? Are all procedures being followed properly? With these questions, you should check whether the company is meeting its information security objectives. If not, you must develop a plan to correct the situation.

14. Conduct an internal ISMS audit

The purpose of an internal audit is to identify discrepancies between the actual processes in the company and the approved information security policies. For the most part, it checks how well your employees follow the rules. This is a very important point, because if you do not control the work of your staff, the organization may suffer damage (intentional or unintentional). But the goal here is not to find culprits and discipline them for non-compliance with policies, but to correct the situation and prevent future problems.

15. Organize a management review

Management should not be configuring your firewall, but it must know what is happening in the ISMS: for example, whether everyone is fulfilling their responsibilities and whether the ISMS is achieving its intended results. Based on this, management must make key decisions on improving the ISMS and internal business processes.

16. Introduce a system of corrective and preventive actions

Like any standard, ISO 27001 requires "continuous improvement": the systematic correction and prevention of nonconformities in the information security management system. Through corrective and preventive actions, a nonconformity can be corrected and prevented from recurring in the future.

In conclusion, I would like to say that in reality, obtaining certification is much harder than described in various sources. This is confirmed by the fact that in Russia today there are only 78 companies certified as compliant. At the same time, it is one of the most popular standards abroad, meeting the growing needs of business in the field of information security. This demand for implementation is driven not only by the growth and increasing complexity of the types of threats, but also by legal requirements, as well as by customers who need to maintain complete confidentiality of their data.

Although ISMS certification is not an easy task, the very fact of meeting the requirements of the international standard ISO/IEC 27001 can provide a serious competitive advantage in the global market. We hope our article has given an initial understanding of the key stages in preparing a company for certification.

Source: www.habr.com
