Building a System of Information Security Software for the Enterprise

Development of information technologies and global informatization of society creates both positive, and negative results. Increase in amount of information and information streams in society leads to perfection of many processes, development and improvement of interaction, but also gives rise to new threats and new type of malefactors which operate with virtual data. In order to give a detailed answer to the question "how to build a system of information security software for the enterprise to protect it and the data from malefactors", we have to consider both technical aspects of information system and standards and legal aspects of information security in the territory of the Russian Federation. In order to solve the set of objectives I chose the medical industry (private dental clinic ООО «Ладент VIP») because not every establishment has an appropriate information security system. This is aggravated with the fact that even without the audit of system of the enterprise, it is possible to tell that the most part of information systems of similar clinics is classified as ИСПДн К1 that imposes certain restrictions based on Federal laws which mention the appropriate level of information security and the technical measures applied. In this paper, an analysis of the information system of «Ладент VIP» has been carried out. As a result of this analysis, multiple vulnerabilities of the system of information security has been found out: vulnerabilities of authentication, differentiation of access rights of users as well as lack of control of passwords. As a solution on improvement of an information security system of the enterprise, I purposed the following points: • usage of electronic keys eToken in order to improve the authentication process as well as a tool of passwords control; • protection of infromation from illegal access and usage of security log with the aid of СЗИ «Аура 1.2.4»; • improvements in anti-virus protection system.