Formalizing information security requirements

Evolution of security technologies shows that only the concept of an integrated approach to information security can provide modern information security requirements. A comprehensive approach means the complex development of all the necessary methods and means of information protection. Today, the information exchange and information systems in the Ministry of Defense of Ukraine have certain means and approaches to the destruction of information, but each of them has different estimates of the effectiveness of their use, as well as different cost of their purchase and use. Therefore, the main purpose of the article is to carry out a comprehensive analysis of means of destroying confidential information of methods of its destruction in order to formulate practical recommendations for choosing the most effective and economically feasible for the Ministry of Defense of Ukraine. The perfection of methods and means of destroying information from magnetic media is an important element of modern information security. The results of the analysis carried out in the article are the disclosure of the main features of modern devices for the elimination of magnetic records, as well as the ability to formulate a list of basic requirements for modern devices for the destruction of information from magnetic media. Today, technical means of information security, in particular, the elimination of information on magnetic media, are constantly being improved, absorbing the latest advances in modern security technologies. Their model range, which takes into account the diversity of customer requirements, such as the type of energy supply, the level of mobility, reliability and operating conditions, expands. All this determines the relevance of research topics in this direction in the future.

Download Full-text

USE OF ONTOLOGIES IN MAPPING OF INFORMATION SECURITY REQUIREMENTS / ONTOLOGIJOS NAUDOJIMAS INFORMACIJOS SAUGUMO REIKALAVIMAMS SUSIET

Mokslas - Lietuvos ateitis ◽

10.3846/mla.2013.15 ◽

2013 ◽

Vol 5 (2) ◽

pp. 88-91

Author(s):

Simona Ramanauskaitė ◽

Eglė Radvilė ◽

Dmitrij Olifer

Keyword(s):

Information Security ◽

Best Practices ◽

Security Requirements ◽

Security Standards

A large amount of different security documents, standards, guidelines and best practices requires to ensure mapping between different security requirements. As the result of mapping, security requirements of different standards can coincide or require to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types as well as investigates possible use of ontologies for mapping of security standards. Article in Lithuanian Santrauka Esant daugybei informacijos saugą reglamentuojančių dokumentų, gairių ir standartų, aktualu tarpusavyje susieti juose apibrėžtus saugumo reikalavimus. Skirtinguose saugos dokumentuose aprašyti saugumo reikalavimai gali ne tik sutapti arba papildyti vienas kitą, bet ir prieštarauti vienas kitam. Tai labai apsunkina daugiau negu dviejų informacijos saugą reglamentuojančių dokumentų susiejimą. Vienas būdų susieti daugiau negu du saugą reglamentuojančius dokumentus galėtų būti ontologijos naudojimas. Straipsnyje apžvelgiami šiuo metu pagrindiniai saugą reglamentuojantys standartai, egzistuojančios saugumo ontologijos, išnagrinėta galimybė naudoti ontologiją saugą reglamentuojančių dokumentų reikalavimams susieti ir galimybę tokį susiejimą atvaizduoti grafais.

Download Full-text

Information Security Requirements of Cloud Computing Information System

Advances in Intelligent Systems and Computing - Recent Developments in Mechatronics and Intelligent Robotics ◽

10.1007/978-3-030-00214-5_10 ◽

2018 ◽

pp. 83-89

Author(s):

Haohao Song

Keyword(s):

Cloud Computing ◽

Information System ◽

Information Security ◽

Security Requirements

Download Full-text

Model and Technique for Abonent Address Masking in Cyberspace

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2020-06-2-13 ◽

2020 ◽

pp. 2-13

Author(s):

Vadim Kuchurov ◽

◽

Roman Maximov ◽

Roman Sherstobitov ◽

◽

...

Keyword(s):

Information System ◽

Information Systems ◽

Information Security ◽

Information Exchange ◽

Information Technologies ◽

System Structure ◽

Security Requirements ◽

Kolmogorov Equation ◽

Basic Set ◽

Technical Solutions

Regulators charge to counter information security threats against the structural and functional characteristics of the information system to ensure the information security requirements. These requirements include information system structure and composition, information technologies and functioning characteristics, physical and logical, functional and technological interconnections between information system segments. They order false components of information system emulation as a basic step of protection, as well as information technologies hiding, information system configuration management and its switching to predetermined configuration that provides a protection. However that steps are not included into basic set and they protection aims are reached with compensative assets, formalizing and implementing inhibitory orders and set of organizational and technical measures on threat source. The purpose of research – to disclose and to state main ways of search of new technical solutions for structure masking of distributed information systems in cyberspace implementing masking traffic taking into account the requirements for the timeliness of information exchange. The method of research – operations research in the face of uncertainty, the application of the theory of Markov processes and Kolmogorov equation for solving the problem of increasing the efficiency of masking exchange. The result of research – finding the probabilistic and temporal characteristics of the functioning process of the data transmission network when applying technical solutions for information systems masking in cyberspace. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and control processes implemented with their help.

Download Full-text

The Role of Social Status and Controllability on Employee Intent to Follow Organizational Information Security Requirements

2015 48th Hawaii International Conference on System Sciences ◽

10.1109/hicss.2015.424 ◽

2015 ◽

Author(s):

Salvatore Aurigemma ◽

Thomas Mattson

Keyword(s):

Information Security ◽

Social Status ◽

Security Requirements ◽

Organizational Information

Download Full-text

A Mark-Up Language for the Specification of Information Security Governance Requirements

Privacy Solutions and Security Frameworks in Information Protection ◽

10.4018/978-1-4666-2050-6.ch007 ◽

2013 ◽

pp. 103-123

Author(s):

Anirban Sengupta ◽

Chandan Mazumdar

Keyword(s):

Information Systems ◽

Information Security ◽

Security Requirements ◽

Security Requirement ◽

Security Governance ◽

Digital World ◽

Information Security Governance ◽

Version 2.0 ◽

Enterprise Security ◽

And Control

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

Download Full-text

A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2015010102 ◽

2015 ◽

Vol 6 (1) ◽

pp. 24-46

Author(s):

Azadeh Alebrahim ◽

Denis Hatebur ◽

Stephan Fassbender ◽

Ludger Goeke ◽

Isabelle Côté

Keyword(s):

Cloud Computing ◽

Information Security ◽

Risk Analysis ◽

Computing System ◽

Security Requirements ◽

Analysis Method ◽

Computing Systems ◽

Cloud Systems ◽

Cloud Computing System ◽

Iso 27001

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.

Download Full-text