Security policy - what is it?

Table of contents:

Security policy - what is it?
Security policy - what is it?
Anonim

In our world, in essence, an information and technological race has unfolded. There are many different aspects and situations that require a certain response. To unify the response and prepare for challenges, a security policy is developed. Depending on the scope of application, it can be informational, national, industrial, state and economic.

What is politics?

A lot of people see it as a tasty but optional dessert that can be added to basic remedies if desired. This point of view is fundamentally wrong. After all, politics should be the basis for a comprehensive security strategy and be a practical part of defense systems. In essence, it is a plan (course) of action, which is intended for governments, parties or commercial structures, allowing you to determine or influence decisions, actions, and other problems. It can also be considered asa document (or a set of them) that deals with questions of philosophy, strategy, organization, methods of confidentiality, integrity, suitability. Thus, they represent a set of mechanisms through which goals are defined and achieved. And what they are - it already depends on the field of activity and implementation. As a rule, this implies the need for serious investments, namely, monetary, human and time resources. In this area, you should not skimp on the costs, because the losses exceed them many times over.

What mechanisms are used in the security policy?

security policy implementation
security policy implementation

They were briefly mentioned earlier, but now let's take a closer look at them.

  1. Philosophy. This refers to the organization's approach to security issues, guidelines, structure for resolving issues. Philosophy can be thought of as a big dome under which all other mechanisms are located. They are used to explain in all future situations why a person does what they do.
  2. Strategy. This is a project (plan) within the framework of the security philosophy. Its detail shows how the organization plans to achieve its goals.
  3. Rules. Explain what not to do.
  4. Methods. It depends on them how exactly the policy will be organized. They are a practical guide to what and how to do in certain cases.

In information technology

Perhaps the most famous aspect. The main goals thatpursued in this case is to ensure the integrity and confidentiality of data. Additionally, a local security policy for Windows (or another operating system that is installed on computer equipment) is being worked out in order to differentiate access rights so that an ordinary employee cannot use the same information as the director. It should reflect the accepted management philosophy and strategy and be indisputable proof of the intent to ensure data security. Interestingly, partners are most often interested in this, and not in the technical means that are used to achieve this goal. An information security policy provides these benefits.

  1. Benchmark for measuring the situation. Since the chosen policy reflects the accepted philosophy and strategy, it acts as a perfect standard by which to measure the feasibility and payback of existing costs. For example, you can use the intelligent firewall "Answer the hacker in kind", installed on the international space station and costing about a small Caribbean island. But will it pay off and does it make sense to cover possible damage?
  2. Guarantees diligence and consistency across all branches. The biggest problem for information security managers and employees is not exploits and viruses, hacking and password interception. The hardest thing is to guarantee the quality of the work of the staff. This applies to both system administrators and other employees, through whose illiteracy and incompetence it is possibleproblems.
  3. Information security guide. A well-designed security policy can be the bible of a system administrator. And greatly facilitate the work and increase its efficiency.

What else?

security policy enforcement
security policy enforcement

Let's take a closer look at the local security policy. Initially, it is necessary to ensure an understanding of the goals pursued and the challenges ahead. Here it is necessary to clearly understand that everything that is being done is necessary not only to investigate the facts of data leakage, but also to minimize the risks of the company itself and, as a result, to increase its profits. In order to introduce all necessary protective measures, it must be approved by the highest administrative staff (director, their board, general manager). An information security policy is always a certain compromise between user experience and risk reduction. When creating it, you have to concentrate on two main points.

  1. Target audience. End users and management must understand the policy. It should be taken into account that they cannot master complex technical expressions.
  2. Specific goals, methods to achieve them, responsibility. No need to eat cram everything. No technical details.

The final document must satisfy the following conditions:

  • conciseness: if the document is large, it will scare away the user and no one will read it;
  • availability forlayman: the end user must have a good understanding of what is described in the policy.

Work of industrial enterprises

information security policy
information security policy

Everything is far from being limited to information technology alone. Take, for example, an ordinary industrial enterprise. Does it make sense to work here? And what else.

Industrial safety policy should be created to avoid accidents at work, to maintain trade secrets, to ensure timely logistics deliveries and for a number of other purposes on which the success of the enterprise depends. It all depends on what types of work are carried out on it, what challenges the management faces, what dangers the production process and the goals pursued are fraught with. Additionally, specific documents can be created aimed at maintaining a certain advantage. For example, the economic security policy of an enterprise may contain mechanisms aimed at maintaining trade secrets. In such cases, it is worked out, for example, where the drawings are stored and who has access to them. In addition, it is necessary to mention job descriptions, and manuals for activities, and internal regulatory documents, and much more. That is, it is necessary to take into account potential problem areas and make appropriate decisions in order to eliminate or minimize the danger coming from them. Development of an evacuation plan for employees in case of fires, rules of action in case of fire (wherefire extinguisher and how to use it), safe working techniques are all of interest and should be taken into account. Since it is problematic to put all this in one document, and often it is also very costly in terms of resources and time, the policy is divided into several levels and links.

What about states?

fundamentals of security policy
fundamentals of security policy

Yes, there is a security policy here too. Only it is more extensive and multifaceted, it is possible to put everything in one document only in the most general terms. Documents that discuss the basics of security policy are, as a rule, in the public domain and anyone can familiarize themselves with them. Details and details have to be hidden due to the fact that their disclosure can lead to certain damage. The national security policy includes the defense sector, planning, management, the practical implementation of the goals set and the economic and economic support of activities. It depends on it how peace and peaceful measured life of citizens of the whole country will be ensured. It is recommended to include goals, interests, guiding principles, values, strategic challenges, threats, risks and situations. Politics is used to express the views of the government and the fundamental institutions of society. Quite common is the situation when a country has not one document, but several, and all of them regulate security issues. Since they are based on certain legal documents adopted in the state, the development of regulatory support is positiveinfluences the policy pursued, and vice versa. It should be noted that simply taking and copying all the documentation in this case will not work. It is likely that this also applies to some of them. Why? The fact is that documents are always intended for specific countries. Although it is quite possible to find common ground. These are:

  • the state's role in the international system;
  • formulate vision of existing opportunities and challenges;
  • working out the responsibilities of the performer when looking for answers to the previous paragraph.

Let's take a closer look at this list.

On the role and effectiveness

Russian security policy
Russian security policy

The first element allows you to define the state's vision of the international system and the role it plays in it. The second is used to assess future opportunities (external and internal) and threats. The third element is necessary to describe the functions and responsibilities of each performer. For example, the Ministry of Defense (or its leader). To ensure good and effective governance, the following principles must be adhered to.

  1. Form a comprehensive approach to the subjects, measures and problems of the security sector. This will qualitatively cover a wide range of issues.
  2. To legitimize, deal with problematic issues and improve performance, discussion of decisions is used, within which consensus is reached.
  3. A wide range of threats should be considered: terrorism,natural disasters, socio-economic problems and so on.
  4. It is supposed to adhere to international law.
  5. Currently available funds need to be carefully assessed.
  6. Transparency, accountability and control of actors and processes should be ensured.
  7. In a changing environment (which is an integral part of our world), it is important to be prepared and flexible.
  8. The policy of state security is simply obliged to take into account the current international situation, the behavior and interests of participants, rules and standards.

The development process should include a significant number of participants. Although the basic steps of creation and approval are taken at the highest levels of government, evaluation, research and formulation are not complete without scientists, security personnel, military personnel and civil society organizations.

And what about the Russian Federation?

Security policy
Security policy

The security policy of the Russian Federation does not differ in something surprisingly unique compared to other countries. But still, you can tell about it in more detail.

The main goal pursued is to ensure national security. This implies the conduct of activities aimed at protecting the interests of both the whole society and individual citizens. Ensuring the security policy consists in achieving the set goals and fulfilling the fundamental tasks. This process, according to the regulatory framework, is carried out strictly within the framework of the law. Policy Implementationsecurity must balance the interests of the state, society and individual citizens. The main direction of its implementation is counteracting internal and external factors. At the same time, it is stipulated that the main principles on which the bet is made are:

  • observance of the Constitution and legal legislation of the Russian Federation;
  • integration with international security systems;
  • legitimate;
  • balancing between the vital interests of the individual, society and country;
  • priority of information, diplomatic, economic and political measures to ensure national security;
  • unity and interconnection of different aspects of work;
  • reality of the tasks put forward;
  • combination of de/centralized management of funds and available forces.

What is it all for?

The main goal pursued in this case is to maintain and create the necessary level of protection of the vital interests of all objects, in the interests of which security is being developed. Ultimately, favorable conditions should be created for the development of the whole country, society and the individual. At the same time, various challenges are confronted. The main tasks that are solved in this case:

  • timely predict and identify threats to the national security of the Russian Federation;
  • implement prompt and long-term measures to prevent and neutralize dangers;
  • ensure the sovereignty and territorial integrity of the Russian Federation, as well asborder security;
  • strengthening the rule of law, as well as maintaining the socio-political stability of society;
  • ensuring constitutional rights and freedoms;
  • implementation of effective measures to detect, suppress and prevent subversive and intelligence activities of foreign states;
  • expanding international law enforcement cooperation;
  • identifying, eliminating and preventing conditions and causes that contribute to the intensification of crime.

Conclusion

local security policy
local security policy

As you can see, security policy is a multifaceted concept. If we talk about the enterprise - there is one level. The country is completely different. Yes, and each level may have its own characteristics - an industrial enterprise requires one approach, the active use of information technology - already another. It all depends on the conditions and the goals pursued.

Recommended: