Integrated protection system of information (IPSI) – A set of organizational and technical measures aimed at ensuring the protection of information from disclosure, leakage and unauthorized access.
Arrangements are a necessary component of the construction of any IPSI. Engineering activities are carried out as required.
Organizational arrangements
Organizational arrangements include the establishment of information security concepts, as well as:
- preparation of job descriptions for users and staff;
- creation of administrative rules of a component information system, accounting, storage, copying, destruction of media, identification of users;
- development of action plans in case of unauthorized access to system information resources, failure protection, an emergency;
- learning the rules of information security.
In case of need, as part of the organizational arrangements can be established information security services, reorganized workflow systems and document storage.
Engineering arrangements
Engineering arrangements – a set of special technical (software, firmware, hardware) and uses of funds for the protection of information. Selection of engineering activities depends on the level of data protection that must be provided.
Engineering measures undertaken to protect the organization’s information infrastructure may include using secure connections, firewalls, distinction information flows between network segments, the use of cryptographic security and protection from unauthorized access.
In case of need, as part of the engineering activities, fire alarm systems and access control systems can be installed in the room.
Necessity of IPSI implementation
The need to build IPSI determined by the requirements of normative documents in the sphere of technical and cryptographic protection of information, or the desire of the owner of information resources.
According to the Law of Ukraine “On protection of information in telecommunication systems”:
- information that is owned by the state or information with restricted access must be protected by constructing IPSI, and subsequent reception of a “Certificate of Conformity” which is issued by the Administration State Special Communications Service of Ukraine on the results of state expertise IPSI;
- other information can be protected by IPSI on request of its owner.
Responsibility for the lack of or inadequate implementation of protection of the information in the information system shall be the head of the company, according to the current legislation of Ukraine.