scholarly journals Improving the efficiency of the formation of professional competencies Masters in “Information Security” based on the use o CASE-technologies

2019 ◽  
Vol 23 (3) ◽  
pp. 25-32
Author(s):  
A. V. Gavrilov ◽  
V. A. Sizov
Keyword(s):  
Information Security ◽  
Business Processes ◽  
System Analysis ◽  
Educational Process ◽  
Information Resources ◽  
Security System ◽  
Professional Competencies ◽  
Enterprise Information ◽  
Economic Point ◽  
Case Technologies

Purpose of the study. In modern conditions, building an effective information security system for an enterprise requires specialists with appropriate professional competencies and systems approach skills in analyzing a combination of factors that influence the state of information security of an enterprise. For the preparation of such kind of specialists, qualitative changes in the content of educational disciplines are required, based on the use of methods and means of system analysis in the process of building an information security system. The current approaches to assessing the risk of an enterprise are based on the formation of a register of its information resources necessary for the further processing of risks. Adequate assessment of the value of a resource is impossible without a correct understanding of the semantics of this resource and its role in the implemented business processes. Modern approaches to the formation of the register of enterprise information resources, according to the authors, do not offer an effective method of identifying resources and estimating their value.This paper considers an approach based on the use of structural and functional analysis methods and CASE-technologies in the formation of a register of information resources of the enterprise in the training of masters in the direction of “Information Security”. Materials and methods. For the formation of the register of enterprise information resources, it is proposed to build a structural-functional enterprise model using the IDEF0 notation. Business process modeling was performed in the Business Studio environment of «Modern Control Technologies». As an example for risk analysis, the activities of a typical IT-industry company engaged in the development and implementation of enterprise management information systems were considered. Results. The technique was successfully tested in the educational process. According to the authors of the article, the use of this technique in conducting laboratory classes for masters enrolled in the “Information Security” direction has made it possible to increase the efficiency of the formation of professional competencies in students and, consequently, in general, the quality of education. The results obtained can be used not only as a training method for specialists in the field of information security. The application of the methodology of forming the register of information resources of an enterprise considered in the article in practical activities to ensure the information security of an enterprise will increase the validity of decisions to protect the information of the enterprise. Conclusion. The paper proposes a method to justify the choice of the main directions for the protection of enterprise information based on the analysis of its business processes. A distinctive feature of the technique is the use of modern CASE-technologies for decision-making in the field of enterprise information security. The implementation of the methodology allows you to create a register of information resources of the enterprise, including an assessment of the likely damage for each resource. The registry shows the bottlenecks in the organization of protection, which should be given priority when planning measures to protect information. On the basis of the data obtained, it is possible to form a strategy and tactics for developing an enterprise information protection system that is reasonable from an economic point of view. 

scholarly journals Methodology for Assessing the Risks of Information Enterprise Security Using Case Technologies

2021 ◽  
Vol 25 (5) ◽  
pp. 41-49
Author(s):  
А. V. Gavrilov ◽  
V. A. Sizov ◽  
E. V. Yaroshenko
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Educational Process ◽  
Security System ◽  
Security Measures ◽  
It Industry ◽  
Enterprise Information ◽  
Information Assets ◽  
Value Determination ◽  
Enterprise Security

Purpose of the study. Creating an effective information security system of an enterprise is impossible without an adequate assessment of the risks to which its assets are exposed. The results of such an assessment should become the basis for making decisions in the field of information security of the enterprise. Identification of information assets and assessment of their value, determination of the level of threats to the security of assets allow planning measures to create an enterprise information security system.This paper discusses a methodology for assessing the risks of information security of an enterprise, a distinctive feature and novelty of which is the use of modern tools and methods for constructing and analyzing business processes in order to identify the information assets of an enterprise to be protected.Materials and methods. It is proposed to identify information assets based on the model of business processes of the enterprise, performed using the IDEF0 methodology. Modeling of business processes was carried out in the Business Studio environment of the “Modern Management Technologies” company.The activity of a typical IT-industry company was considered as an example for the risk analysis.Results. The methodology for assessing the risks of information security of an enterprise described in the article has been successfully tested in the educational process. Its use in conducting laboratory classes in the discipline “Designing the information security system of enterprises and organizations” for masters studying in the direction of “Information security” allowed, according to the authors of the article, to increase the effectiveness of the formation of students’ professional competencies.Conclusion. The paper proposes a methodology for assessing information security risks for objects of an enterprise’s information infrastructure, which makes it possible to identify priority areas of information security at an enterprise. As a result of the application of the technique, a loss matrix is formed, showing the problem areas in the organization of information protection, which should be given priority attention when planning information security measures. Based on the data obtained, it is possible to form an economically justified strategy and tactics for the development of an enterprise information security system.

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

2019 ◽  
Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata
Keyword(s):  
Risk Assessment ◽  
Information System ◽  
Information Security ◽  
Risk Analysis ◽  
Information Resources ◽  
Security System ◽  
Assessment System ◽  
Automated System ◽  
Information Risk ◽  
Critical Information

In this article, the research of information system protection by ana­ ly­ zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni­ ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter­ mi­ nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula­ tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili­ ty  — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul­ nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

scholarly journals METHODS OF SYSTEM ANALYSIS IN THE FORMATION OF INFORMATION SECURITY POLICY ON TRANSPORT

2021 ◽  
Vol 1 (13) ◽  
pp. 81-91
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Victor Smolii ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
...  
Keyword(s):  
Information Security ◽  
Optimal Strategy ◽  
Security Policy ◽  
System Analysis ◽  
System Development ◽  
Optimal Solution ◽  
Security System ◽  
Enterprise Management ◽  
Final Decision ◽  
Advantages And Disadvantages

Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed.

scholarly journals Basic q-analysis of MCQA for Information Security System

2019 ◽  
Vol 3 (5) ◽  
Author(s):  
Oleh Kozlenko
Keyword(s):  
Information Systems ◽  
Structural Analysis ◽  
Information Security ◽  
System Analysis ◽  
Security System ◽  
Security Measures ◽  
Security Systems ◽  
Basic Principles ◽  
Application Methods ◽  
Security Incidents

Article explores application methods for systems structural analysis to use in study of security in information systems, which is based on variants of general attack scenarios, features of cybersecurity culture, q-analysis, which is part of MCQA . General security system analysis usually is based on different factors, which include  technical means, human-related mistakes in different ways and respond to security incidents. Q-analysis presents the basic principles of constructing model of information security systems elements connectivity on the example of two sets: set of threats and sets of security measures for information security and calculated numerical values. Elements of the two sets of are interconnected and form the basis of a system for ensuring their security. These calculations can be used to further determine overall formal assessment of security of the organization.

scholarly journals The security system for maintenance of the required information security level

2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik
Keyword(s):  
Information System ◽  
Quality Management ◽  
Information Security ◽  
Working Conditions ◽  
Information Resources ◽  
Security System ◽  
Security Level ◽  
Security Feature ◽  
Organizational Configurations ◽  
The Impact

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes own proposal of the authors.

scholarly journals Learning Factory as Integration Form of Education in Sustainably Developing Healthcare Organisations

2018 ◽  
pp. 508-518
Author(s):  
Irina Yu. Bedoreva ◽  
Stanislav V. Sokolov ◽  
Mariya D. Kazakova ◽  
Olga A. Latuha
Keyword(s):  
Health Care ◽  
Business Processes ◽  
System Analysis ◽  
Medical Personnel ◽  
Educational Process ◽  
Practical Significance ◽  
Healthcare Organisation ◽  
Sociological Research ◽  
Medical Organization ◽  
Public Authorities

Introduction. The task set by the public authorities in the sphere of health care to train personnel of a new quality, capable of working successfully in the conditions of intensive reform of the industry requires not only a closer integration of universities and medical organizations, but also new educational technologies. The process factory is a new model of education for training of medical personnel, so the purpose of the article is to study the experience of training factories in international practice and to substantiate the effectiveness of the implementation of this educational form in a steadily de veloping medical organization. Materials and Мethods. The research draws on general scientific methods of empirical and theoretical knowledge, general methodological methods and techniques, as well as methods of system analysis, comparisons and analogues, generalisations, materials of our own sociological research of personnel policy affecting the sustainable development of healthcare organisation, conducted between 2013-2016. A key aspect of the review of scientific works was the study of problems of training in academic factories of different profiles and fields of knowledge. Results. The authors revealed that the Factory of processes as integration form of education allows modeling the conditions necessary for the head, recreating not only the real processes occurring in the healthcare organisation, but also the desired processes in the implementation of organisational changes, which allows you to demonstrate complex business processes without compromising the healthcare organisation itself. It is highlighted that the introduction of lean medicine and other management models is advisable to trial in academic factory first, and then apply the most successful options to the main activities of the healthcare organisation. In addition, Factory of processes makes it possible to make more effective adaptation of new employees to the workplace, be it young professionals or professionals with experience in h ealthcare organisation. Discussion and Conclusions. The practical significance of the article is that the introduction of such a model as a training factory in the educational process of medical universities will not only improve the efficiency of the integration of the University and the medical organization, but also will allow to prepare specialists capable of implementing organizational changes in the work of health care institutions.

scholarly journals Analysis of Information Threats to Industrial Security

2020 ◽  
pp. 6-10
Author(s):  
Grigory Zharkov ◽  
◽  
Vadim Shevtsov ◽  
Keyword(s):  
Information System ◽  
Information Security ◽  
Security System ◽  
Comprehensive Approach ◽  
Security Threats ◽  
Enterprise Information ◽  
System A ◽  
Industrial Security ◽  
Data Objects ◽  
High Level

Information security of an enterprise (IS of an enterprise) is the state of security of data, objects of informatization of an enterprise and its interests. IS of an enterprise is achieved only when such properties of the basic properties of IS as confidentiality, integrity, availability of information and the technical component of an enterprise involved in technological processes are met. Ensuring IS of an enterprise is effective only with a systematic and comprehensive approach to protection. The information security system should take into account all current information threats and vulnerabilities. Information security threats are analyzed to determine the full set of requirements for the developed security system. A threat is considered relevant if it can be implemented in the information system of the enterprise and poses a threat to information with limited access. It is shown that the list of threats to information security of an industrial enterprise is very wide and is limited not only to those considered in this article. It is very important to maintain a high level of enterprise information security, especially at critical information infrastructure facilities.

scholarly journals Development of a Method for Conducting an Audit of the Information Security System

2021 ◽  
pp. 18-27
Author(s):  
Pavel Zaporotskov ◽  
Keyword(s):  
Information Security ◽  
Data Protection ◽  
Personal Data ◽  
Information Resources ◽  
Security System ◽  
Security Audit ◽  
Personal Data Protection ◽  
State Security ◽  
Information Processes ◽  
Innovative Model

Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

scholarly journals СТАН СФОРМОВАНОСТІ КОМПЕТЕНТНОСТЕЙ З ІНФОРМАЦІЙНОЇ БЕЗПЕКИ МАЙБУТНІХ УЧИТЕЛІВ ІНФОРМАТИКИ

2017 ◽  
Vol 62 (6) ◽  
pp. 277
Author(s):  
Vasyl P. Oleksiuk ◽  
Olesia R. Oleksiuk
Keyword(s):  
Information Security ◽  
Computer Science ◽  
Science Teachers ◽  
Computer Networks ◽  
Educational Process ◽  
Professional Competencies ◽  
Service Models ◽  
The Future ◽  
Cloud Technologies

In the article there are explored the concepts of cybersecurity and information security. It is proved that cybersecurity can’t be fully ensured without teaching to principles and rules of information security. The authors have analyzed the specificity of the future computer science teachers' study in the context of developing of their competences necessary for safe students’ activity in the computer networks and Internet. Particular attention is paid to the threats arising after introduction cloud technologies various service models into the educational process. The article focuses on methods and stages of the pedagogical investigation of correlation between the operational and reflective components of the professional competencies of future computer science teachers.

Sign in / Sign up

Export Citation Format

Share Document