The Modeling of Processes of Design of Information Protection Systems in Critical Information Infrastructures
(Pp. 45-55)

Prokushev Yaroslav E.
Plekhanov Russian University of Economics
Moscow, Russian Federation

Ponomarenko Sergei V.
Belgorod University of Cooperation, Economics and Law
Belgorod, Russian Federation

Shishov Nikita V.
postgraduate student at the Department of Information Security
Belgorod University of Cooperation, Economics and Law
Belgorod, Russian Federation

Abstract:
The relevance and necessity of implementing information security measures in CII (critical information infrastructures) are explained by several reasons. First, there are the requirements of Russian legislation. Note that some CII objects, because of the nature of the information they process, can also be classified as GIS (state information systems) or ISPDn (personal data information systems). Systems of these types are also subject to requirements for information security measures [4; 5], which largely correlate with the measures described for CII objects in [6]. Second, threats of various kinds that require neutralization objectively exist in almost all modern information systems. To ensure information security, the protective mechanisms used at CII facilities should take into account such factors as a significant amount of processed information, the need to ensure correct, stable and trouble-free operation, the multi-user nature of access to information resources, and the need to secure the managed equipment. Failures and errors in the operation of information systems at a number of CII facilities of industrial enterprises can entail not only economic damage or negative social consequences, but also a direct threat to the lives of a significant number of people who live near these facilities [11]. The need to model the work performed at the design stage of information security systems of CII facilities stems from the complexity of this process. At present, ensuring the information security of CII facilities is one of the most important tasks being solved at the state level. These circumstances determine the relevance of the article.
The purpose of this work is to develop a set of models describing the features of the organizational, legal and technical processes that arise at the stages of forming requirements for ensuring the information security of CII facilities. The publicly available normative legal acts of the FSTEC of Russia are used as the methodological basis of the work. The IDEF0 functional graphical modeling methodology was used to describe the work performed at the design stage of the information security system of the CII. The result of the research presented in this paper is a set of graphical and symbolic models describing the processes performed at the design stage of the information security system in critical information infrastructures.
How to Cite:
Prokushev Y.E., Ponomarenko S.V., Shishov N.V. (2022). THE MODELING OF PROCESSES OF DESIGN OF INFORMATION PROTECTION SYSTEMS IN CRITICAL INFORMATION INFRASTRUCTURES. Computational Nanotechnology, 2: 45-55.
Reference list:
1. Federal Law No. 149-FZ of July 27, 2006 “On information, information technologies and information protection”.
2. Federal Law No. 187-FZ of July 27, 2006 “On the security of the critical information infrastructure of the Russian Federation”.
3. Decree of the Government of the Russian Federation of February 8, 2018 No. 127 “On approval of the Rules for categorizing objects of critical information infrastructure of the Russian Federation and the list of indicators of criteria for the significance of objects of critical information infrastructure of the Russian Federation and their values”.
4. Order No. 17 “On approval of requirements for the protection of information that does not constitute a state secret contained in state information systems”. Approved by FSTEC of Russia of 11.02.2013.
5. Order No. 21 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”. Approved by FSTEC of Russia of 18.02.2013.
6. Order No. 239 “On approval of the Requirements for ensuring the security of significant objects of critical information infrastructure of the Russian Federation”. Approved by FSTEC of Russia of 25.12.2017.
7. Order No. 31 “On approval of requirements for providing information protection in automated management systems for industrial and technological processes on critical objects, potentially dangerous facilities, as well as objects representing increased danger to people's lives and health and the natural environment”. Approved by FSTEC of Russia of 14.03.2014.
8. Methodological document “Methodology for assessing information security threats”. Approved by FSTEC of Russia of 05.02.2021.
9. Order No. 77 “The procedure for organizing and carrying out work on certification of informatization objects for compliance with the requirements for the protection of information of limited access that is not a state secret”. Approved by FSTEC of Russia of 29.04.2021.
10. Goldobina A.S., Isaeva Yu.A., Selifanov V.V. et al. Construction of an adaptive three-level model of control processes of the information protection system of critical information infrastructure objects. Reports of the Tomsk State University of Control Systems and Radioelectronics. 2018. Vol. 21. No. 4. Pp. 51-58. (In Rus.)
11. Ponomarenko S.V., Ponomarenko S.A., Prokushev Ya.E. Information security of critical information infrastructure systems: Monograph. Belgorod: BUKEP Publishing House, 2021. 133 p.
12. Ponomarenko S.V., Ponomarenko S.A., Alexandrov V.V. Modeling of unauthorized access to information resources of key information infrastructure systems: Monograph. Belgorod: BUKEP Publishing House, 2017. 180 p.
13. Prokushev Ya.E., Ponomarenko S.V., Ponomarenko S.A. Modeling of information security systems design processes in state information systems. Computational Nanotechnology. 2021. Vol. 8. No. 1. Pp. 26-37. (In Rus.)
14. The Data bank of information security threats [Electronic resource]. URL: https://bdu.fstec.ru/threat
Keywords:
modeling of information security processes, information security, information security management, graphical modeling, methodology of functional graphical modeling, critical information systems.

