The government has approved the standard regulation of the position of deputy head of information security. Government bodies, state corporations, strategic enterprises and organizations and subjects of critical information infrastructure (banks, telecom operators, etc.) will be required to create and fill the position.

According to the document, the person responsible for information security is appointed by the head of organization and must be a member of its collegial bodies. The document also specifies the qualification requirements for such employees. These requirements include:

• a specialized higher education degree;
•  knowledge of the impact of IT on the activities of the organization, including the principles of construction and operation of operating systems, data base management systems, networks and their main protocols;
• knowledge of the specific features of ensuring the organization’s information security, including the procedures for organizing work to ensure information security, the main threats, methods and tools used in cyber attacks, etc.

Such an employee will organize the development of information security policies, conduct research and development work to ensure information security, and monitor the security level in the organization. The employee will be liable for violation of the requirement to ensure information security and protect systems and networks that led to negative consequences, for the disclosure of state secrets, etc.

Original in Russian

Documents on the topic:

Governmental regulation No. 1272 of July 15, 2022