scholarly journals METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS FUNCTIONAL ANALYSIS

2020 ◽  
Vol 4 (8) ◽  
pp. 192-201
Author(s):  
Vasyl Tsurkan
Keyword(s):  
Functional Analysis ◽  
Information Security ◽  
Security Management ◽  
Logical Structure ◽  
International Standards ◽  
Management Systems ◽  
Graphic Notation ◽  
Information Security Management ◽  
Main Activity ◽  
Definition Of

The process of functional analysis of information security management systems was considered. The relevance of their presentation with many interrelated functions with internal and external interfaces is shown. Taking this into account, the methods of functional analysis of information security management systems are analyzed. Among them, graphic notation IDEF0 is highlighted. This choice is based on the ability to display both interfaces of functions and the conditions and resources of their execution. The orientation of the graphic notation IDEF0 use is established mainly for the presentation of the international standards ISO/IEC 27k series, the display of the main stages of the information security management systems life cycle, the development of individual elements of information security management systems, in particular, risk management. These limitations have been overcome by the method of information security management systems in functional analysis. This was preceded by the definition of the theoretical foundations of this method. Its use allows to allocate their functions at both levels of the system, and levels of its structural elements (subsystems, complexes, components). To do this, define the purpose, viewpoint and establishes information security management as the main activity. It is represented by a set of hierarchically related functions that are represented by a family tree. Each function of this tree defines incoming, outgoing data, management, and mechanisms. This makes it possible to establish their consistency with the organizational structure at the “activity-system”, “process-subsystem”, “operation-module (complex)” and “action-block (component)” levels. In future studies, it is planned to define a hierarchy of functions and develop a logical structure of information security management systems based on the proposed method of functional analysis.

scholarly journals REQUIREMENTS ANALYSIS METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS

2020 ◽  
Vol 1 (9) ◽  
pp. 149-158
Author(s):  
Vasyl Tsurkan
Keyword(s):  
Information Security ◽  
Security Management ◽  
Logical Structure ◽  
Management Systems ◽  
Graphic Notation ◽  
Security Risks ◽  
Information Security Management ◽  
The Individual ◽  
Iec 27001 ◽  
Individual Requirement

The process of analyzing the requirements for information security management systems is considered. The obligation to comply with the requirements of the international standard ISO/IEC 27001 is shown. This provides confidence to stakeholders in the proper management of information security risks with an acceptable level. This is due to the internal and external circumstances of influencing the goal and achieving the expected results of organizations. In addition, the identification of stakeholders, their needs and expectations from the development of information security management systems are also considered. It is established that now the main focus is on taking into account the requirements for the process of developing these systems or to ensure information security in organizations. The transformation of the needs, expectations and related constraints of stakeholders into an appropriate systemic solution has been overlooked. These limitations have been overcome through the method of analyzing the requirements for information security management systems. Its use allows, based on the needs, expectations and related constraints of stakeholders, to identify relevant statements in established syntactic forms. There is need to check each of them for correctness of formulation and compliance with the characteristics of both the individual requirement and the set of requirements. For their systematization, establishment of relations the graphic notation SysML is applied. In view of this, the requirement is considered as a stereotype of a class with properties and constraints. Relationships are used to establish relationships between requirements. Their combination is represented by a diagram in the graphical notation SysML and, as a result, allows you to specify the requirements for information security management systems. In the prospects of further research, it is planned to develop its logical structure on the basis of the proposed method.

A Weighted Monte Carlo Simulation Approach to Risk Assessment of Information Security Management System

2015 ◽  
Vol 11 (4) ◽  
pp. 63-78 ◽  
Author(s):  
Seyed Mojtaba Hosseini Bamakan ◽  
Mohammad Dehghanimohammadabadi
Keyword(s):  
Risk Assessment ◽  
Monte Carlo Simulation ◽  
Monte Carlo ◽  
Information Security ◽  
Risk Analysis ◽  
Management System ◽  
Security Management ◽  
International Standards ◽  
Information Security Management ◽  
Information Security Management System

In recent decades, information has become a critical asset to various organizations, hence identifying and preventing the loss of information are becoming competitive advantages for firms. Many international standards have been developed to help organizations to maintain their competitiveness by applying risk assessment and information security management system and keep risk level as low as possible. This study aims to propose a new quantitative risk analysis and assessment methodology which is based on AHP and Monte Carlo simulation. In this method, AHP is used to create favorable weights for Confidentiality, Integrity and Availability (CIA) as security characteristic of any information asset. To deal with the uncertain nature of vulnerabilities and threats, Monte Carlo simulation is utilized to handle the stochastic nature of risk assessment by taking into account multiple judges' opinions. The proposed methodology is suitable for organizations that require risk analysis to implement ISO/IEC 27001 standard.

Sign in / Sign up

Export Citation Format

Share Document