The modeling of information security system design processes in state information systems
( Pp. 26-37)

More about authors
Prokushev Yaroslav E. Cand. Sci. (Econ.), Associate Professor; associate professor at the Department of Applied Information Technology and Information Security
Plekhanov Russian University of Economics
Moscow, Russian Federation Ponomarenko Sergei V. Cand. Sci. (Eng.), Associate Professor; Professor at the Department of Information Security
Belgorod University of Cooperation, Economics and Law
Belgorod, Russian Federation Ponomarenko Sergei A. docent kafedry organizacii i tehnologii zaschity informacii
Belgorod University of Cooperation, Economics and Law
For read the full article, please, register or log in
Abstract:
The relevance and necessity of implementing measures to protect information in state information systems today is obvious both from the point of view of existing legislation, and from the point of view of the objective presence of a large number of threats of a very different nature. Protective measures should take into account such factors as the growth of the volume of processed information, the use of various data processing technologies, the multi-user nature of access to information resources, and the complexity of the modes of operation of technical means [Schneier, 2003]. Thus, ensuring information security is a complex of interrelated business processes of an organizational, legal and technical nature. The complexity of the processes of implementing security systems makes it necessary to perform the planning stage of this process, which is closely related to the need to develop a domain model. This determines the relevance of writing this work. The purpose of this article is to develop a set of models that describe the features of organizational, legal and technical processes that arise at the design stages of information security systems in state information systems. The methodological basis for writing the work is the normative legal acts of the FSTEC of Russia. A comparative analysis of possible methods of modeling the described subject area allowed us to determine the tools used. To describe the ongoing processes in the design of the information security system, the SADT functional graphical modeling methodology was used. Mathematical modeling methods were used to model the process of rational choice of information security tools. The result of the research presented in this paper is a set of models that describes the processes characteristic of the design stage of the information security system in state information systems.
How to Cite:
Prokushev Y.E., Ponomarenko S.V., Ponomarenko S.A., (2021), THE MODELING OF INFORMATION SECURITY SYSTEM DESIGN PROCESSES IN STATE INFORMATION SYSTEMS. Computational Nanotechnology, 1 => 26-37. DOI: 10.33693/2313-223X-2021-8-1-26-37
Reference list:
Federal nyy zakon № 149-FZ ot 27 iyulya 2006 goda Ob informatsii, informatsionnykh tekhnologiyakh i zashchite informatsii .
Prikaz FSTEK Rossii ot 11 fevralya 2013 g. № 17 Ob utverzhdenii trebovaniy o zashchite informatsii, ne sostavlyayushchey gosudarstvennuyu taynu, soderzhashcheysya v gosudarstvennykh informatsionnykh sistemakh .
Metodicheskiy dokument FSTEK Rossii Metodika otsenki ugroz bezopasnosti informatsii . Utv. FSTEK Rossii 5 fevralya 2021 g.
Metodicheskiy dokument FSTEK Rossii Mery zashchity informatsii v gosudarstvennykh informatsionnykh sistemakh . Utv. FSTEK Rossii 11 fevralya 2014 g.
Polozhenie po attestatsii ob ektov informatizatsii po trebovaniyam bezopasnosti informatsii. Utverzhdeno predsedatelem Gosudarstvennoy tekhnicheskoy komissii pri Prezidente Rossiyskoy Federatsii 25 noyabrya 1994 g.
Litvak B.G. Ekspertnye tekhnologii v upravlenii: uchebnoe posobie, 2-e izd., ispr. i dop. M.: Izdatel stvo Delo , 2004. 400 s.
Prokushev YA.E., Ponomarenko S.V. Sravnitel nyy analiz sredstv programmno-apparatnoy zashchity informatsii, primenyaemykh v informatsionnykh sistemakh personal nykh dannykh // Informatsiya i bezopasnost . 2012. T. 15. № 1. S. 31-36.
Prokusheva A.P., Prokushev YA.E. Modelirovanie i optimizatsiya vybora sredstv programmno-apparatnoy zashchity informatsii s tochki zreniya ekonomicheskoy i tekhnicheskoy tselesoobraznosti // Informatsiya i bezopasnost . 2012. T. 15. № 1. S. 55-60.
Andress J., Leary M. Building a Practical Information Security Program. Syngress, 2017. 192 p.
Mattord H., Whitman M. Management of Information Security. 6th ed. Cengage Learning, 2019. 752 p.
Rohit Tanwar. Information Security and Optimization. CRC Press, 2021. 224 p.
Whitman M.E. et al. Principles of Information Security. 6th ed. Cengage Learning, 2017. 656 p.
Bank dannykh ugroz bezopasnosti informatsii Elektronnyy resurs . URL: https://bdu.fstec.ru/threat
Gosudarstvennyy reestr sertifitsirovannykh sredstv zashchity informatsii FSTEK Rossii Elektronnyy resurs . URL: https://fstec.ru/tekhnicheskaya-zaschita-informatsii/dokymenty-posertifickatsii/153-sistemasertifikatsii/591
Perechen sredstv zashchity informatsii, sertifitsirovannykh FSB Rossii Elektronnyy resurs . URL: http://clsz.fsb.ru/ certification.htm
Keywords:
modeling of information security processes, information security, information security management, graphical modeling, methodology of functional graphical modeling.


Related Articles

11. Criminal law and criminology; Criminal enforcement law Pages: 187-189 Issue №14823
CHILD CONSERVATION AND INFORMATION SECURITY OF CHILDREN
child saving threats information security child legal basis
Show more
8. Judicial, prosecutorial, human rights and law enforcement activities Pages: 158-162 Issue №6252
INFORMATION SECURITY OF ADVOCATE’S ACTIVITY: THE MAIN NOTIONS
lawyer advocacy information information security information security activities of a lawyer
Show more
7. Criminal law, Criminal enforcement law, Criminology Pages: 159-162 Issue №4088
THE USE OF TECHNICAL DEVICES AND INFORMATION TECHNOLOGIES FOR CRIMINAL PURPOSES AS A CIRCUMSTANCE AGGRAVATING THE CRIMINAL LIABILITY
information security crimes cynicism social danger computer
Show more
8. INFORMATION LAW (12.00.13) Pages: 197-201 Issue №17728
Information terrorism is a threat to national security in the context of digitalization
information terrorism national security information security cybercrime government regulation
Show more
12. CRIME IN THE FIELD OF INFORMATION TECHNOLOGY AND CYBER CRIME Pages: 146-148 Issue №10327
ABOUT SOME METHODS OF INFORMATION SECURITY IN THE WORLD WIDE WEB
information security the threat of information national security the global information space the Internet
Show more
9. Administrative law; Administrative process, Information Law Pages: 116-120 Issue №5518
THE MODEL OF LEGAL REGULATION OF THE ACTIVITY OF MASS MEDIA IN THE СONTEXT OF INFORMATIONAL SECURITY
Legal model the mechanism of legal regulation subsystem system communication Media
Show more
4. CRIMINAL - LEGAL, CRIMINOLOGICAL, ADMINISTRATIVE AND OTHER MEASURES FOR COUNTERING CRIME IN CONTEMPORARY CONDITIONS Pages: 166-170 Issue №19590
Information Support of Services and Units of the MIA of Russia as an Aspect of Effectiveness of Countering Crime
information resource data banks crime prevention operational environment categorized machine-readable medium
Show more
2. SCIENTIFIC SCHOOL OF DOCTOR OF SCIENCE, PROFESSOR ShHAGAPSOEV Z.L. Pages: 139-141 Issue №7907
INFORMATIONAL TERRORISM AS THE RUSSIAN FEDERATION NATIONAL SECURITY THREAT
information terrorism the threat of information national security information security the global information space
Show more
12. OTHER Pages: 197-200 Issue №10472
Due diligence: problems of optimization and application of the legal framework
linguistic security information security a multiethnic region comprehensive examination extremist texts
Show more
12. MISCELLANIOUS Pages: 251-257 Issue №17728
Digital trust environment concept
digital economy digital trust environment information security
Show more