scholarly journals Method and technique of formal design of complex information security system in information and telecommunication systems

Radiotekhnika ◽  
2020 ◽  
pp. 91-96
Author(s):  
R.Y. Gvozdov ◽  
R.V. Oliynykov
Keyword(s):  
Information Processing ◽  
Information Security ◽  
Security Policy ◽  
Security System ◽  
Telecommunication System ◽  
Information Security Policy ◽  
Complex Information ◽  
Telecommunication Systems ◽  
Formalized Description ◽  
Formal Design

The aim of the article is to develop a methodology for the formal design of the complex information security system in information and telecommunication systems. At the moment, there are no methods for the formal design of complex information security system in information and telecommunication systems, so the development of such a methodology is an urgent task. The article discusses the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunications system and information processing processes. The necessity of formal design of complex information security system is substantiated and the requirements for the development of formal descriptions of an integrated information security system in accordance with regulatory documents in the field of technical protection of information are described. The comparative characteristics of the methods of formalized modeling of information security policy and methods of formalized description of the information and telecommunication system and information processing processes are given. As a result of the comparison, it is proposed to use the UML method for the formal description of the information-telecommunication system, and the UMLsec method for the security policy modeling. An algorithm for the formation of a complex of protection facilities in an information and telecommunications system is proposed from a formal model of security policy and from a formalized description of an information and telecommunications system and information processing processes.

scholarly journals Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

2020 ◽  
pp. 84-92
Author(s):  
A.V. Pecheniuk
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Security Policy ◽  
Criminal Responsibility ◽  
Economic Security ◽  
Information Policy ◽  
Security System ◽  
Theory And Practice ◽  
Confidential Information ◽  
Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

BASIC REQUIREMENTS FOR INFORMATION PROTECTION PLANNING IN INFORMATION AND TELECOMMUNICATION SYSTEMS AT AN ENTERPRISE

2017 ◽  
Author(s):  
Olena Shepeta ◽  
◽  
Oksana Tugharova ◽  
Keyword(s):  
Information Processing ◽  
Information Security ◽  
Organizational Support ◽  
International Standards ◽  
Information Protection ◽  
Telecommunication System ◽  
Scientific Publications ◽  
Legal Norms ◽  
Telecommunication Systems ◽  
System Life

Today, the information protection at any enterprise is becoming one of the most urgent tasks because of the extremely wide use of various information processing systems, expansion of local and global computer networks, which transmit huge amounts of commercial information, which is owned by one who would not like any stranger to be acquainted with it. After analyzing scientific publications, we have come to the conclusion that with the increase of information processing in information and telecommunication systems, there is an urgent need to create an information protection service at an enterprise. The activities of the company's information protection service should be planned and regulated by local norms created and approved by the company's management, based on which it is advisable to comply with national legal norms of information security and use the recommendations of ISO 2700 series’ international standards. The creation of the information protection service at the enterprise aims at organizational support of the following tasks, such as: planning, management of the complex system of information protection in information and telecommunication systems and control over its functioning. The information protection service must carry out its activities in accordance with the "Information Protection Plan in Information and Telecommunication Systems", calendar, long-term and other work plans approved by the head (deputy head) of the enterprise. The information protection plan in information and telecommunication systems is a set of documents according to which the information protection organization at all stages of the information and telecommunication system life cycle is being carried out. In enterprises where the staffing schedule does not provide for the establishment of an information security service, measures to ensure the information protection in information and telecommunications systems may be carried out by employees appointed by the head of the enterprise’ order [4].

scholarly journals Validity of information security policy models

2004 ◽  
Vol 16 (3) ◽  
pp. 263-274 ◽  
Author(s):  
Joshua Onome Imoniana
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Security Policy ◽  
Chief Executive ◽  
Theoretical Models ◽  
Information Security Policy ◽  
Security Officer ◽  
Continuity Planning ◽  
Policy Models ◽  
Inclusive Business

Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

Sign in / Sign up

Export Citation Format

Share Document