METHODS OF SYSTEM ANALYSIS IN THE FORMATION OF INFORMATION SECURITY POLICY ON TRANSPORT

2021 ◽  
Vol 12 (4) ◽  
pp. 51-60
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Victor Smolii ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
...  

Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components, are considered. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed.

2021 ◽  
Vol 1 (13) ◽  
pp. 81-91
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Victor Smolii ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
...  

Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components, are considered. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed.


Author(s):  
A.V. Pecheniuk

The necessity of forming an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could lead to a breach of confidential information. A list is given of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, and the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. Three groups of tools applied in the theory and practice of information security of the enterprise (active, passive and combined) are distinguished, emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy makes it possible to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.


Author(s):  
Oleh Kozlenko

The article explores methods of applying systems structural analysis to the study of security in information systems, based on variants of general attack scenarios, features of cybersecurity culture, and q-analysis, which is part of MCQA. General security system analysis is usually based on different factors, which include technical means, human-related mistakes of different kinds, and response to security incidents. Q-analysis presents the basic principles of constructing a model of the connectivity of information security system elements on the example of two sets, a set of threats and a set of security measures for information security, together with calculated numerical values. Elements of the two sets are interconnected and form the basis of a system for ensuring their security. These calculations can be used to further determine an overall formal assessment of the security of the organization.


Radiotekhnika ◽  
2020 ◽  
pp. 91-96
Author(s):  
R.Y. Gvozdov ◽  
R.V. Oliynykov

The aim of the article is to develop a methodology for the formal design of the complex information security system in information and telecommunication systems. At the moment, there are no methods for the formal design of complex information security system in information and telecommunication systems, so the development of such a methodology is an urgent task. The article discusses the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunications system and information processing processes. The necessity of formal design of complex information security system is substantiated and the requirements for the development of formal descriptions of an integrated information security system in accordance with regulatory documents in the field of technical protection of information are described. The comparative characteristics of the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunication system and information processing processes are given. As a result of the comparison, it is proposed to use the UML method for the formal description of the information-telecommunication system, and the UMLsec method for the security policy modeling. An algorithm for the formation of a complex of protection facilities in an information and telecommunications system is proposed from a formal model of security policy and from a formalized description of an information and telecommunications system and information processing processes.


2018 ◽  
Vol 9 (1) ◽  
pp. 89 ◽  
Author(s):  
Evgeniya Evgenevna FROLOVA ◽  
Tatyana Anatolevna POLYAKOVA ◽  
Mihail Nikolaevich DUDIN ◽  
Ekaterina Petrovna RUSAKOVA ◽  
Petr Aleksandrovich KUCHERENKO

Contemporary realities dictate that technologization, digitalization (transition of the economy and the social sector to digital technologies of functioning and interaction) and the national intellectual capital are the basic competitive advantages of the country that require proper information security. An information security system is a set of corporate rules, standards of work and procedures for ensuring information security formed based on the audit of the company's information system, and the analysis of existing security risks in accordance with requirements of the regulatory documents of the Russian Federation and the provisions of the standards in the field of information security. It is especially important for Russian companies actively interacting with foreign partners. In addressing the problem of information security, the development of the company's unified information security policy occupies a leading place; therefore, this article will be devoted to consideration of these issues. The authors of the present study proceed from the objective-subjective predetermination of any phenomena and processes of the external world. In this format, the study is based on general scientific methods: systematic analysis and generalization of normative and practical materials; formal and dialectical logic: analysis, synthesis, induction, deduction, hypotheses, analogies; and special methods of legal research: comparative-legal and historical-legal, system analysis and interpretation of legal norms. Based on the analysis, the following conclusions have been made: currently, the most important direction of the national economy development is the protection of vital human and social interests, the key element of which is information security. This study represents the development of a scientific overview of the modern ways to ensure information security in both applied and legal contexts. 
This article underlines and examines the problems and economic legal features of ensuring information security in Russia. These materials can be used both in preparation of other scientific research and in the development of guidance documents by the power structures.


2019 ◽  
Vol 10 (3) ◽  
pp. 369-379
Author(s):  
N. N. Bondareva ◽  
N. I. Komkov

Purpose: the purpose of this article is to consider the usage of targeted methodological and organizational methods of complex socio-economic development management, as well as to research the practice of developing national-scale projects and programs. Methods: the methodology of the study is based on the theoretical foundations of target processes management for solving complex development problems, system analysis methods, research of operations and economic analysis of complex system development. Results: consideration of the implementation experience of the Russian Federation national projects and programs since 2005 helps to identify both advantages and disadvantages in solving social and economic problems. Organizational and methodological shortcomings of national projects development, as well as estimation of limitations and difficulties for complete goals achievement in the chosen case projects have been presented. Conclusions and Relevance: the presented national projects aimed at achieving the goals of the May Decree of the President of the Russian Federation should serve as a guide for the concentration of financial, logistical and intellectual resources to solve national large-scale complex problems. Methodological and organizational shortcomings in the national projects launching, which create significant risks to successful and on-time achievement of the national goals specified in the President’s Decree, were noted.


2020 ◽  
Vol 30 (3) ◽  
pp. 67-74
Author(s):  
N. V. Evglevskaya ◽  
A. Yu. Zuev ◽  
A. O. Karasenko ◽  
O. S. Lauta

At present, issues related to information security are highly relevant. DoS and DDoS attacks are carried out by cybercriminals quite often, because cyberattacks can bring almost any system to failure, leaving no legally significant evidence. At the same time, the failure of the attacked subsystem can be an intermediate stage towards the target system. The most vulnerable to DDoS attacks are online stores, online payment systems, news resources and companies, whose activities depend on the frequency of user access to the resource. The main methods of protection against cyberattacks and DDoS attacks, in particular, are currently antivirus programs and firewalls. The article presents a description of some types of DDoS attacks as well as the results of a comparative analysis of several existing methods of networks security from DDoS attacks, which will simplify the choice of the optimal solution to ensure reliable protection of a telecommunication facility. Considering all the advantages and disadvantages, the method of organizing a network protection system against DDoS attacks based on the technology of artificial neural networks is the most suitable solution for ensuring the information security of networks of various purpose.


2019 ◽  
Vol 23 (3) ◽  
pp. 25-32
Author(s):  
A. V. Gavrilov ◽  
V. A. Sizov

Purpose of the study. In modern conditions, building an effective information security system for an enterprise requires specialists with appropriate professional competencies and systems approach skills in analyzing a combination of factors that influence the state of information security of an enterprise. For the preparation of such kind of specialists, qualitative changes in the content of educational disciplines are required, based on the use of methods and means of system analysis in the process of building an information security system. The current approaches to assessing the risk of an enterprise are based on the formation of a register of its information resources necessary for the further processing of risks. Adequate assessment of the value of a resource is impossible without a correct understanding of the semantics of this resource and its role in the implemented business processes. Modern approaches to the formation of the register of enterprise information resources, according to the authors, do not offer an effective method of identifying resources and estimating their value. This paper considers an approach based on the use of structural and functional analysis methods and CASE-technologies in the formation of a register of information resources of the enterprise in the training of masters in the direction of “Information Security”. Materials and methods. For the formation of the register of enterprise information resources, it is proposed to build a structural-functional enterprise model using the IDEF0 notation. Business process modeling was performed in the Business Studio environment of «Modern Control Technologies». As an example for risk analysis, the activities of a typical IT-industry company engaged in the development and implementation of enterprise management information systems were considered. Results. The technique was successfully tested in the educational process.
According to the authors of the article, the use of this technique in conducting laboratory classes for masters enrolled in the “Information Security” direction has made it possible to increase the efficiency of the formation of professional competencies in students and, consequently, in general, the quality of education. The results obtained can be used not only as a training method for specialists in the field of information security. The application of the methodology of forming the register of information resources of an enterprise considered in the article in practical activities to ensure the information security of an enterprise will increase the validity of decisions to protect the information of the enterprise. Conclusion. The paper proposes a method to justify the choice of the main directions for the protection of enterprise information based on the analysis of its business processes. A distinctive feature of the technique is the use of modern CASE-technologies for decision-making in the field of enterprise information security. The implementation of the methodology allows you to create a register of information resources of the enterprise, including an assessment of the likely damage for each resource. The registry shows the bottlenecks in the organization of protection, which should be given priority when planning measures to protect information. On the basis of the data obtained, it is possible to form a strategy and tactics for developing an enterprise information protection system that is reasonable from an economic point of view. 


2018 ◽  
Vol 10 (1) ◽  
pp. 1-17
Author(s):  
Chia-Ping Yu ◽  
Chih-Ping Chu ◽  
Pin-Hui Lu

This article uses qualitative research and grounded theories, to explore information security issues in the development of information systems. Its findings are: first, three security issues are identified: security plans, resources, and a security policy to implement information security mechanisms. Second, there are strong connections between security plans, resources and security policy. Third, managers implement several critical security issues across stages of system development life cycle. This article identifies the opportunities and challenges facing security management issues. Clear security policies or plans can guide software practitioners in an organization to focus on security issues, and keep controlling threats thereafter. In order to improve the quality of security management and to identify possible threats over a longer term, organizations have to monitor and manage their application service providers and security techniques.

