Software implementation of the enterprise protection system

Abstract

The article proposes the implementation of a specific information system for ensuring the in-formation security of the enterprise. The peculiarities of the international standard ISO/IEC-15408, which is a methodology of tasks, assessments and a catalog of IT security requirements have been studied and analyzed. The specifics of the application of general security criteria have been defined and the use of Active Directory services has been proposed as an example of the implementation of General Criteria at the enterprise. The advantages of the Active Directory service in comparison with the Workgroup have been determined. Step-by-step construction of a fault-tolerant enterprise data protection system has been offered. A feature of the proposed system is the fault tolerance of the directory service, which is ensured by deploying servers – domain controllers in each domain. The article defines the main tasks of the proposed data pro-tection system, including the comprehensive coverage of management functions, the efficiency of use of computer and telecommunications equipment and software, and the adaptability of the functional and instrumental structure of the system to the features of the managed object. The proposed complex data protection system consists of a number of interconnected components. A mandatory component of setting up a comprehensive protection system is the organization of a backup system for critical databases, which includes planning a backup schedule for various servers. To manage access rights, user groups have been added, taking into account the specifics of the company's work, and setting policies makes it possible to limit access to data on the company's file servers in accordance with different levels of access to information. The imple-mentation of research materials into the practice of solving applied tasks aimed at implement-ing a data protection system at enterprises has been confirmed by acts of practical application at the enterprise Medical Center Consilium Medical LLC.