Implementation of information security and data processing center protection standards

摘要

The article deals with the issue of information security. The purpose of the research is to analyze information security procedures, development information security systems and implementation of international information security standards. Information security involves both storing and accessing sensitive information and data warehousing. It can be carried out with Data Processing Centers. A number of standards were developed to improve efficiency of information security departments. One of them is ISO/IEC 27001. It involves requirements to information security management systems which are obligatory for certification. Along with management elements for computers and networks, ISO/IEC 27001 specifies the issues of security policy development, staff relations. Processed information security is one of the crucial issues when creating new data processing centers. Accordingly, reliability and fault-tolerance of data centers in the Uptime Institute's Tier Classification System are paid special attention to. Operational Sustainability is an additional characteristics to asses DPC's performance. Advantage of the standard is due to the flexibility of its requirements which enable objective evaluation of DPC's performance at the design stage and comparison of the current performance. Data centers can be awarded with Tier 1 to 4 depending upon the degree of reliability. Tiers is progressive: each Tier incorporates the requirements of all the lower Tiers. The Uptime Institute also developed Tier Standard: Topology and Tier Standard: Operational Sustainability which specify the methods of DPC performance evaluation. The article analyzes the key points of these standards, their advantages and implementation experience in Russian organizations.