The modeling of information security system design processes in state information systems
( Pp. 26-37)

More about authors
Prokushev Yaroslav E. kandidat ekonomicheskih nauk, docent; docent departamenta informacionnoy bezopasnosti
Financial University Ponomarenko Sergei V. kandidat tehnicheskih nauk, docent; professor kafedry organizacii i tehnologii zaschity informacii
Belgorod University of Cooperation, Economics and Law Ponomarenko Sergei A. docent kafedry organizacii i tehnologii zaschity informacii
Belgorod University of Cooperation, Economics and Law
For read the full article, please, register or log in
Abstract:
The relevance and necessity of implementing measures to protect information in state information systems today is obvious both from the point of view of existing legislation, and from the point of view of the objective presence of a large number of threats of a very different nature. Protective measures should take into account such factors as the growth of the volume of processed information, the use of various data processing technologies, the multi-user nature of access to information resources, and the complexity of the modes of operation of technical means [Schneier, 2003]. Thus, ensuring information security is a complex of interrelated business processes of an organizational, legal and technical nature. The complexity of the processes of implementing security systems makes it necessary to perform the planning stage of this process, which is closely related to the need to develop a domain model. This determines the relevance of writing this work. The purpose of this article is to develop a set of models that describe the features of organizational, legal and technical processes that arise at the design stages of information security systems in state information systems. The methodological basis for writing the work is the normative legal acts of the FSTEC of Russia. A comparative analysis of possible methods of modeling the described subject area allowed us to determine the tools used. To describe the ongoing processes in the design of the information security system, the SADT functional graphical modeling methodology was used. Mathematical modeling methods were used to model the process of rational choice of information security tools. The result of the research presented in this paper is a set of models that describes the processes characteristic of the design stage of the information security system in state information systems.
How to Cite:
Prokushev Y.E., Ponomarenko S.V., Ponomarenko S.A., (2021), THE MODELING OF INFORMATION SECURITY SYSTEM DESIGN PROCESSES IN STATE INFORMATION SYSTEMS. Computational Nanotechnology, 1: 26-37. DOI: 10.33693/2313-223X-2021-8-1-26-37
Reference list:
Federal nyy zakon № 149-FZ ot 27 iyulya 2006 goda Ob informatsii, informatsionnykh tekhnologiyakh i zashchite informatsii .
Prikaz FSTEK Rossii ot 11 fevralya 2013 g. № 17 Ob utverzhdenii trebovaniy o zashchite informatsii, ne sostavlyayushchey gosudarstvennuyu taynu, soderzhashcheysya v gosudarstvennykh informatsionnykh sistemakh .
Metodicheskiy dokument FSTEK Rossii Metodika otsenki ugroz bezopasnosti informatsii . Utv. FSTEK Rossii 5 fevralya 2021 g.
Metodicheskiy dokument FSTEK Rossii Mery zashchity informatsii v gosudarstvennykh informatsionnykh sistemakh . Utv. FSTEK Rossii 11 fevralya 2014 g.
Polozhenie po attestatsii ob ektov informatizatsii po trebovaniyam bezopasnosti informatsii. Utverzhdeno predsedatelem Gosudarstvennoy tekhnicheskoy komissii pri Prezidente Rossiyskoy Federatsii 25 noyabrya 1994 g.
Litvak B.G. Ekspertnye tekhnologii v upravlenii: uchebnoe posobie, 2-e izd., ispr. i dop. M.: Izdatel stvo Delo , 2004. 400 s.
Prokushev YA.E., Ponomarenko S.V. Sravnitel nyy analiz sredstv programmno-apparatnoy zashchity informatsii, primenyaemykh v informatsionnykh sistemakh personal nykh dannykh // Informatsiya i bezopasnost . 2012. T. 15. № 1. S. 31-36.
Prokusheva A.P., Prokushev YA.E. Modelirovanie i optimizatsiya vybora sredstv programmno-apparatnoy zashchity informatsii s tochki zreniya ekonomicheskoy i tekhnicheskoy tselesoobraznosti // Informatsiya i bezopasnost . 2012. T. 15. № 1. S. 55-60.
Andress J., Leary M. Building a Practical Information Security Program. Syngress, 2017. 192 p.
Mattord H., Whitman M. Management of Information Security. 6th ed. Cengage Learning, 2019. 752 p.
Rohit Tanwar. Information Security and Optimization. CRC Press, 2021. 224 p.
Whitman M.E. et al. Principles of Information Security. 6th ed. Cengage Learning, 2017. 656 p.
Bank dannykh ugroz bezopasnosti informatsii Elektronnyy resurs . URL: https://bdu.fstec.ru/threat
Gosudarstvennyy reestr sertifitsirovannykh sredstv zashchity informatsii FSTEK Rossii Elektronnyy resurs . URL: https://fstec.ru/tekhnicheskaya-zaschita-informatsii/dokymenty-posertifickatsii/153-sistemasertifikatsii/591
Perechen sredstv zashchity informatsii, sertifitsirovannykh FSB Rossii Elektronnyy resurs . URL: http://clsz.fsb.ru/ certification.htm
Keywords:
modeling of information security processes, information security, information security management, graphical modeling, methodology of functional graphical modeling.