MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.


2021 ◽  
pp. 18-22
Author(s):  
Natalia Golovacheva ◽  

With the advent of information technologies, information systems have been widely used in organizations and enterprises. The use of information systems allows optimizing the workforce, automating all or part of business processes. However, the use of information systems requires the development of an information security system to minimize malicious attacks. To reduce the likelihood of malicious attacks, there are a large number of software and hardware-based information security tools. The complexity of computing the distribution of the components of information systems complicates the process of creating and configuring protection systems, and the number of threats to security is increasing every year. For a timely response to information security incidents, including attacks, it is necessary to use information system security assessment tools to reduce the risks of security breaches. InfoWatch statistics show the growth trend of various types of attacks, both from an external attacker and from an internal one. Therefore, one of the most important tasks is to correctly determine the security of information systems. The paper implements a mathematical model for assessing the security of an information system based on the selected methods. The architecture of the software package for assessing the security of the information system is formed.


2020 ◽  
pp. 2-13
Author(s):  
Vadim Kuchurov ◽  
◽  
Roman Maximov ◽  
Roman Sherstobitov ◽  
◽  
...  

Regulators charge to counter information security threats against the structural and functional characteristics of the information system to ensure the information security requirements. These requirements include information system structure and composition, information technologies and functioning characteristics, physical and logical, functional and technological interconnections between information system segments. They order false components of information system emulation as a basic step of protection, as well as information technologies hiding, information system configuration management and its switching to a predetermined configuration that provides protection. However, these steps are not included in the basic set, and their protection aims are reached with compensative assets, formalizing and implementing inhibitory orders and a set of organizational and technical measures on the threat source. The purpose of research – to disclose and to state the main ways of searching for new technical solutions for structure masking of distributed information systems in cyberspace, implementing masking traffic while taking into account the requirements for the timeliness of information exchange. The method of research – operations research in the face of uncertainty, the application of the theory of Markov processes and the Kolmogorov equation for solving the problem of increasing the efficiency of masking exchange. The result of research – finding the probabilistic and temporal characteristics of the functioning process of the data transmission network when applying technical solutions for information systems masking in cyberspace. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and control processes implemented with their help.


Author(s):  
Петр Юрьевич Филяк ◽  
Максим Константинович Постников ◽  
Семен Евгеньевич Федоров ◽  
Александр Григорьевич Остапенко ◽  
Андрей Петрович Преображенский

In the context of the development of the information society (Knowledgeable society, KS), information systems have become an integral part of any organization, even the smallest, regardless of the business processes they implement. Such information systems are commonly referred to as Corporate Information Systems (CIS). Special requirements in the development of a CIS are placed on ensuring its information security, which can be achieved by developing the CIS in a protected version. Blockchain technologies are very promising not only when applied in traditional spheres such as manufacturing, service and transport, but also for solving security problems, and information security problems in particular. This article is devoted to the analysis of this problem and approaches to its solution.


Author(s):  
Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. So it is necessary to carry out an audit that aims to evaluate the information system governance that is running and ensure that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study will focus on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level. And many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.


2017 ◽  
Vol 105 (4) ◽  
pp. 167-187
Author(s):  
Joanna Werner ◽  
Edyta Szczepaniuk

The paper presents recommended methods of information security systems designs. The analysis comprises the essence and elements of information security, but also the relations between them. The systemic approach to the studied area required providing characteristics of legal basis and information security models – ISO/IEC and TISM. Also characterised were the implementation, exploitation, and monitoring methods of information systems. The paper concludes with a presentation of results of empirical research conducted in public and private sector entities, as well as conclusions and recommendations.


2019 ◽  
Vol 7 (1) ◽  
pp. 1715-1724
Author(s):  
Elmor Benedict Wagiu ◽  
Raminson Siregar ◽  
Raymond Maulany

Universitas Advent Indonesia is one of the many universities that use information technology to support their business processes in the hope that information technology will provide significant benefits. The use of information technology in supporting a business cannot be separated from the risks that might be faced. For that, good management of information technology will be the key to how much risk will be faced. In this case, the researcher will conduct an analysis of information system risk management at the Universitas Advent Indonesia. The method used by researchers is OCTAVE ALLEGRO. OCTAVE ALLEGRO is a method that is often used to carry out analysis in the field of risk management and risk assessment. The purpose of this study was to identify risks that could potentially threaten business processes at Universitas Advent Indonesia by first identifying the impact of the area, determining the scale of priorities etc. The result of the study using OCTAVE Allegro is a risk reduction approach for each area of concern of each UNAI critical information asset, namely student financial information, lecturer financial information, student score information, student transcript information, and class attendance data. UNAI makes written rules regarding responsibilities in maintaining information security and sanctions for violators and socializes the rules well and gradually to Universitas Advent Indonesia employees. Re-evaluate information security by using the OCTAVE Allegro method periodically, for example, once every 2 years.


2014 ◽  
Vol 926-930 ◽  
pp. 4105-4109
Author(s):  
Xiao Li Cao

With the popularity of the Internet and global information continues to advance organizational information systems have become an important strategic resource for the survival of the importance of information security to protect its widespread concern. Once the information security organization information system is destroyed, the Organization for Security attribute information would cause tremendous impact the organization's business operation, the losses include not only economic, but also likely to organize image, reputation is a strategic competitive advantage even fatal injuries. However, the existing information systems of information security risk management approach to information system risk analysis and assessment with specific organizational environment and business background with fragmentation, lack of risk analysis and description of the formation process, carried only consider "technical" factors security decisions, lack of full expression to achieve the desired goal of a number of decisions on organizational decision-making. Therefore, the information system to carry information security risk management is essential.


2020 ◽  
Vol 2 (2) ◽  
pp. 167-179
Author(s):  
Jane Hom ◽  
Boonsri Anong ◽  
Kim Beom Rii ◽  
Lee Kyung Choi ◽  
Kenita Zelina

Risk management is useful in overcoming various problems such as not optimal business processes, the company’s reputation down, financial loss, or bankruptcy of a company. In the application of information systems, most organizations or companies have not noticed the importance of information systems security as well as the assets and impacts that arise. For that, the risk management assessment is used in reducing the errors that occur in the information system of the company's business processes. The risk management assessment is applied to the information system along with its assets in evaluating the possibilities of menaces and vulnerabilities. The Risk management assessment analysis is applied to the academic information system in universities. The result of the risk assessment is the results of recommendations on the stages that need to be done in protecting the assets of information systems and information systems themselves.


2014 ◽  
Vol 657 ◽  
pp. 708-712 ◽  
Author(s):  
Nicolae Anton ◽  
Anișor Nedelcu

This paper presents an approach to various forms of security and different access levels required in an information system by analyzing mathematical models that can be applied to this field. By describing their structural characteristics and how they find implementation in the study of information security, this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of a well-defined security risk management and how achieving this goal provides an opening for future research.

