The process of analyzing the requirements for information security management systems is considered. The obligation to comply with the requirements of the international standard ISO/IEC 27001 is shown. This provides confidence to stakeholders in the proper management of information security risks with an acceptable level. This is due to the internal and external circumstances of influencing the goal and achieving the expected results of organizations. In addition, the identification of stakeholders, their needs and expectations from the development of information security management systems are also considered. It is established that now the main focus is on taking into account the requirements for the process of developing these systems or to ensure information security in organizations. The transformation of the needs, expectations and related constraints of stakeholders into an appropriate systemic solution has been overlooked. These limitations have been overcome through the method of analyzing the requirements for information security management systems. Its use allows, based on the needs, expectations and related constraints of stakeholders, to identify relevant statements in established syntactic forms. There is need to check each of them for correctness of formulation and compliance with the characteristics of both the individual requirement and the set of requirements. For their systematization, establishment of relations the graphic notation SysML is applied. In view of this, the requirement is considered as a stereotype of a class with properties and constraints. Relationships are used to establish relationships between requirements. Their combination is represented by a diagram in the graphical notation SysML and, as a result, allows you to specify the requirements for information security management systems. In the prospects of further research, it is planned to develop its logical structure on the basis of the proposed method.
REQUIREMENTS ANALYSIS METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS
