What is a security policy?

An information and technology race is, in effect, under way in today's world. It produces many different situations, each of which calls for a particular response. A security policy is developed to unify those responses and prepare for the challenges. Depending on its scope, it can be informational, national, industrial, state or economic.

What is a policy?

Many people consider it a tasty but optional dessert that can be added to the main means of protection if desired. This view is fundamentally wrong. A policy should be the basis of a comprehensive security strategy and a practical part of defense systems. In essence, it is a plan (course) of action intended for governments, parties or commercial organizations, which makes it possible to determine or influence decisions, actions and other matters. It can also be regarded as a document (or a set of documents) that examines philosophy, strategy, organization, and methods of ensuring confidentiality, integrity and suitability. Policies thus represent a set of mechanisms by which goals are defined and achieved. What exactly those mechanisms are depends on the field of activity and on the implementation. As a rule, this requires serious investment of financial, human and time resources. This is not an area in which to skimp on costs, because the losses exceed them many times over.

What mechanisms are used in security policy?

They were previously mentioned in passing, but now let's look at them more closely.

  1. Philosophy. This refers to the organization’s approach to security issues, its guidelines, and its structure for resolving issues. Philosophy can be imagined as a large dome under which all the other mechanisms sit. It is used to explain, in any future situation, why a person acts exactly as they do.
  2. Strategy. This is a project (plan) within the framework of the security philosophy. Its details show how the organization plans to achieve its goals.
  3. Rules. These explain what should not be done.
  4. Methods. How the policy is organized depends on them. They are a practical guide to what to do, and how, in particular cases.

In the field of information technology

Perhaps this is the best-known aspect. The main goals pursued here are to ensure the integrity and confidentiality of data. In addition, a local security policy for Windows (or whichever operating system is installed on the computers) is worked out to differentiate access rights, so that an ordinary employee cannot use the same information as the director. The policy should reflect the accepted philosophy and management strategy and serve as indisputable evidence of the intention to ensure data security. Interestingly, partners are most often interested in exactly this, and not in the technical means used to achieve the goal. An information security policy provides the following benefits.

  1. Benchmark for measuring the situation. Since the chosen policy reflects the adopted philosophy and strategy, it acts as an ideal standard against which the feasibility and payback of existing costs are measured. For example, you can use the “Answer the hacker the same” intelligent firewall, installed on the International Space Station and costing as much as a small Caribbean island. But will it pay for itself, and does it make sense relative to the possible damage?
  2. Ensures diligence and consistency across all branches. The biggest problem for executives and information security staff is not exploits and viruses, nor hacking and password theft. The hardest thing is to guarantee that staff do quality work. This applies both to system administrators and to other employees, whose lack of knowledge and skill can cause problems.
  3. Information security guide. A well-developed security policy can serve as a real bible for a system administrator, greatly easing the work and increasing its effectiveness.

What else?

Let's take a closer look at the local security policy. To begin with, the goals pursued and the challenges ahead must be understood. It must be clear that everything being done is needed not only to investigate data leaks, but also to minimize the company's own risks and, as a result, to increase its profit. For all the necessary protective measures to be introduced, the policy must be approved by top management (the director, the board of directors, the general manager). An information security policy is always a compromise between user experience and risk reduction. When creating it, concentrate on two main points.

  1. The target audience. End users and management must understand the policy. Bear in mind that they cannot be expected to master complex technical terms.
  2. Specific goals, methods for achieving them, responsibility. There is no need to cram everything in. No technical details.

The final document must satisfy the following conditions:

  • conciseness: if the document is large, it will scare users away and no one will read it;
  • accessibility to a layperson: the end user should clearly understand what the policy describes.

The work of industrial enterprises

Security policy is far from limited to information technology. Take, for example, an ordinary industrial enterprise. Does a policy make sense here? Very much so.

An industrial safety policy should be created to avoid industrial accidents, preserve trade secrets, ensure timely logistics and supplies, and serve a number of other purposes on which the success of an enterprise depends. It all depends on what types of work are done there, what challenges the management faces, what dangers the production process involves and what objectives are pursued. Additionally, specific documents can be created aimed at preserving a particular advantage. For example, the economic security policy of an enterprise may contain mechanisms for protecting trade secrets. In such cases it specifies, for example, where drawings are stored and who has access to them. Job descriptions, activity guidelines, internal regulatory documents and much more should also be mentioned. In other words, potential problem areas must be taken into account and appropriate decisions made to eliminate or minimize the danger they pose. An evacuation plan for employees in case of fire, rules of action in case of fire (where the fire extinguisher is and how to use it), safe working practices: all of this matters and should be taken into account. Since putting all this in one document is problematic, and often very expensive in resources and time, policies are divided into several levels and links.

And what about states?

Yes, a security policy exists here too. It is simply more extensive and multifaceted, and everything can be put in one document only in the most general terms. Documents that set out the basics of security policy are usually public, and anyone can read them. The details have to be kept hidden because disclosing them can cause damage. The national security policy covers the defense sector, planning, management, practical implementation of the goals, and economic support activities. How the peace and the calm, measured life of the country's citizens are ensured depends on it. It is recommended that it include goals, interests, guidelines, values, strategic challenges, threats, risks and situations. The policy is used to express the views of the government and the founding institutions of society. It is fairly common for a country to have not one document but several, all of which regulate security issues. Since they are based on legal documents adopted in the state, the development of the regulatory framework has a positive effect on the current policy, and vice versa. It should be noted that simply taking and copying all the documentation does not work in this case. This probably applies to copying parts of it as well. Why? Because such documents are always written for specific countries. It is nevertheless quite possible to find common ground. The common elements are:

  • the state's role in the international system;
  • the formulation of ideas about existing opportunities and challenges;
  • elaboration of the duties of each performer in responding to the previous item.

Let's take a closer look at this list.

About the role and effectiveness

The first element defines the state’s vision of the international system and the role it plays in it. The second is used to assess future opportunities (external and internal) and threats. The third element is needed to describe the functions and responsibilities of each performer, for example the ministry of defense (or its head). To ensure good and effective management, the following principles must be adhered to.

  1. Form an integrated approach to the subjects, measures and problems of the security sphere. This makes it possible to cover a wide range of issues properly.
  2. To legitimize decisions, resolve problematic issues and improve performance indicators, the decisions taken are discussed until consensus is reached.
  3. A wide range of threats should be considered: terrorism, natural disasters, socio-economic problems and so on.
  4. International law is to be adhered to.
  5. It is necessary to carefully evaluate the funds available at a given time.
  6. Transparency, accountability and control of actors and processes should be ensured.
  7. In a changing environment (which is an integral part of our world), it is important to take care of readiness and flexibility.
  8. The state security policy must take into account the current international situation, the behavior and interests of participants, and rules and standards.

The development process should involve a wide circle of participants. Although the main stages of creation and approval take place at the highest levels of government, assessment, research and formulation are not complete without scientists, security officers, military personnel and public organizations.

And what about the Russian Federation?

The security policy of the Russian Federation is not strikingly unique compared with that of other countries. Still, it can be discussed in more detail.

The main goal pursued is to ensure national security. This implies activities aimed at protecting the interests of both society as a whole and individual citizens. Implementing the security policy means achieving its goals and fulfilling its fundamental tasks. This process, according to the regulatory framework, is carried out strictly within the law. The implementation of the security policy must maintain a balance between the interests of the state, society and individual citizens. The main direction of its implementation is counteracting internal and external factors. The main principles relied on are:

  • compliance with the Constitution and regulatory legislation of the Russian Federation;
  • integration with international security systems;
  • legality;
  • balancing between the vital interests of the individual, society and country;
  • priority of informational, diplomatic, economic and political measures in ensuring national security;
  • unity and interconnection of different aspects of work;
  • realism of the tasks set;
  • combination of centralized and decentralized management of funds and available forces.

What is all this for?

The main objective pursued here is to create and maintain the necessary level of protection of the vital interests of all objects for whose sake security is being developed. Ultimately, favorable conditions must be created for the development of the whole country, society and the individual. At the same time, various challenges are countered. The main tasks addressed are:

  • timely forecasting and identification of threats to the national security of the Russian Federation;
  • implementation of operational and long-term measures to prevent and neutralize hazards;
  • ensuring the sovereignty and territorial integrity of the Russian Federation, as well as the security of the border space;
  • strengthening the rule of law, as well as maintaining the socio-political stability of society;
  • ensuring constitutional rights and freedoms;
  • implementation of effective measures to identify, suppress and prevent the subversive and intelligence activities of foreign countries;
  • expansion of international law enforcement cooperation;
  • identification, elimination and prevention of conditions and causes that contribute to the intensification of crime.

Conclusion

As you can see, security policy is a multifaceted concept. For an enterprise it is one level; for a country it is a completely different one. Each level may also have its own characteristics: an industrial enterprise requires one approach, while the active use of information technology requires another. It all depends on the conditions and the goals pursued.

