scholarly journals CONFORMITY ASSESSMENT OF INFORMATION PROTECTION TOOLS IN CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 6 (1) ◽  
pp. 203-208
Author(s):  
Julia Isaeva ◽  
Valentin Selifanov
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Russian Federation ◽  
Conformity Assessment ◽  
Information Protection ◽  
Critical Information ◽  
Information Infrastructures ◽  
The Russian Federation

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.

scholarly journals ASSESSMENT OF COMPLIANCE OF INFORMATION SECURITY MEANS ON SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2020 ◽  
Vol 6 (1) ◽  
pp. 155-160
Author(s):  
Julia A. Isaeva ◽  
Anastasiya S. Goldobina ◽  
Dmitry M. Nikulin
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Assessment Process ◽  
Functional Requirements ◽  
Critical Information ◽  
Compliance Assessment ◽  
Information Infrastructures ◽  
Important Means ◽  
The Russian Federation ◽  
Assessment Of Compliance

The need to assess the compliance of information security means depends on the importance of the information, processed at the enterprise. The lack of specific requirements and criteria for conducting an assessment will cause the protection tools to function incorrectly this, in turn, will lead to unpredictable consequences, as well as to the disruption of the functioning of significant objects. Even with the changes made to the legislation of the Russian Federation, there is no specific algorithm for assessment the compliance of certain classes of security tools, such as DLP systems. This article describes the changes made to the legislation and how they will affect the compliance assessment process. The selected security profile, along with GOST 15408-2012, reveals such concepts as functional requirements of trust and security functions. Taking these regulations into account, it is possible to develop a method for conducting compliance assessment for DLP systems, which are an extremely important means of protecting against leaks of confidential information on significant objects of critical information infrastructures.

Ensuring the security of critical information infrastructure: the powers of the federal government bodies of the Russian Federation

2019 ◽  
Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva
Keyword(s):  
Information Security ◽  
Federal Government ◽  
Russian Federation ◽  
Legal Status ◽  
Information Infrastructure ◽  
Critical Information ◽  
Security Service ◽  
Presidential Decree ◽  
Computer Attacks ◽  
The Russian Federation

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.

scholarly journals ON THE FORMATION OF LEGAL AND SCIENTIFIC BASES OF ENSURING THE SAFETY OF CRITICAL INFORMATION INFRASTRUCTURE OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 29 (5) ◽  
pp. 644-654
Author(s):  
N.M. Kurbatov
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Critical Infrastructure ◽  
Information Infrastructure ◽  
Significant Information ◽  
Critical Information ◽  
Foreign Countries ◽  
History Of ◽  
The Russian Federation ◽  
Definition Of

The concept of critical information infrastructure is analyzed. The history of its formation and consolidation in the legal space of Russian legislation is considered. The article studies the experience of foreign countries in the field of ensuring information security in general and protecting critical infrastructure in particular. The relevance of the chosen topic is due to the course taken by the Russian Federation for the development of the information society in the country, as well as the need to protect significant information systems and resources of state authorities. The author of the article reveals the terms included in the definition of critical information infrastructure, enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the considered regulatory legal acts are highlighted, recommendations are given on the further development of the information security system of critical infrastructure.

scholarly journals Biometrics in Information Security

2020 ◽  
pp. 30-36
Author(s):  
German Churilin
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Russian Federation ◽  
Point Of View ◽  
Access To Information ◽  
Biometric Recognition ◽  
User Identification ◽  
Biometric Data ◽  
Biometric Systems ◽  
The Russian Federation

To control the access to information systems (IS), user identification and authentication processes play an important role, which allows to identify the user by the identifier and verify its authenticity. In the most common case, these systems are based on a combination of a username and a password, i.e. the user must remember this combination. However, in recent years, the popularity of systems that use human biometric data, which is always with us and can not be forgotten or lost, has increased, which provides certain convenience for users, since they do not need to remember anything or present any identity documents. This article focuses on biometric systems from the point of view of information security. The paper addresses the issues of regulating this area by the legislation of the Russian Federation, the main threats inherent in these systems and ways to minimize them. The article discusses the use of biometric recognition in information systems as part of information security. The authors highlight the risks that may affect security and means to minimize them.

scholarly journals FEATURES OF INTELLIGENT INFORMATION SECURITY MANAGEMENT SYSTEMS FOR CRITICAL INFORMATION INFRASTRUCTURE OBJECTS

2020 ◽  
Vol 6 (2) ◽  
pp. 99-104
Author(s):  
Valeria A. Tabakaeva ◽  
Igor N. Karmanov ◽  
Vladimir R. An
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Intelligent Systems ◽  
Information Technologies ◽  
Information Infrastructure ◽  
Management Systems ◽  
Information Security Management ◽  
Critical Information ◽  
The Russian Federation ◽  
Intelligent Information

The article discusses the problem of using intelligent systems in managing information security of critical information infrastructure objects. Currently, the development of information technologies reached the point of transition to widespread use of various intelligent systems. At the same time, their application is also noted in the sphere of ensuring the security of significant objects of critical information infrastructure of the Russian Federation. Cybersecurity parameter management systems have a special place as fundamental elements for ensuring security during operation, as well as responding to external and internal incidents with the required efficiency and speed. In the course of the research, we select ways to solve such problems as choosing a threat model and protection system architecture for an object of critical information infrastructure of the Russian Federation.

INTERSUBJECTIVE INTERACTION AS A SOURCE OF DESTRUCTIVE INFLUENCES ON THE SUBJECT OF CRITICAL INFORMATION INFRASTRUCTURE

2021 ◽  
Vol 54 (2) ◽  
pp. 71-80
Author(s):  
MAKSIMOVA ELENA A. ◽  
◽  
SADOVNIKOVA NATALYA P. ◽  
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Information Infrastructure ◽  
Destructive Effect ◽  
Methodological Basis ◽  
Critical Information ◽  
The Subject ◽  
The Russian Federation ◽  
Methodological Assessment ◽  
The Stability

With the introduction of No. 187-FL in 2017, new priorities have been identified in the Russian Federation at the level of ensuring the stability and information security of society and the state as a whole. The issues of the security of the functioning of the subjects of the critical information infrastructure (CII) are identified as priorities. However, regulatory legal acts introduced on this issue are considered without a methodological assessment of intersubjective interaction at the level of the CII. At the same time, not taking this factor into account when building a security system at CII facilities reduces its effectiveness, brings a destructive effect to the system and can be considered as a vulnerability at the infrastructure level. In this article, the elements of the methodological basis for considering intersubjective interaction as a source of destructive influence on the subject of critical information infrastructure are proposed. The result of the analysis of the types of intersubjective relationships within the areas of functioning of the CII.

scholarly journals DEVELOPMENT OF CYBERSECURITY AUDIT METHODOLOGY FOR STATE INFORMATION SYSTEMS RELATED TO SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURE OPERATING ON THE BASIS OF DATA CENTERS

2020 ◽  
Vol 6 (1) ◽  
pp. 22-30
Author(s):  
Vladimir R. An ◽  
Valeria A. Tabakaeva ◽  
Valentin V. Selifanov
Keyword(s):  
Information Systems ◽  
Russian Federation ◽  
Data Centers ◽  
Information Infrastructure ◽  
State Control ◽  
State Information ◽  
Critical Information ◽  
State Secret ◽  
The Russian Federation ◽  
Support Software

The problem of developing a cybersecurity audit methodology for state information systems related to significant objects (SO) of critical information infrastructure (CII), operating on the basis of data centers is considered. In accordance with the requirements of the legislation, state control is carried out in accordance with the Order of the FSTEC of Russia dated February 11, 2013 №17 “Requirements. Ensuring the protection of information not constituting a state secret.” Currently, there are many international and domestic recommendations and practices to conducting cybersecurity audit of information systems, but they do not meet the existing and emerging requirements in the field of cybersecurity of SO CII of the Russian Federation and cannot be applied without significant improvement. The authors consider the issues that need to be solved in order to develop an audit methodology, analyze existing legislative and regulatory acts of the Russian Federation and Federal Executive bodies authorized in this area, methodological documents (MD) and standards, as well as possible reasons for the current situation. An algorithm of possible actions for conducting a cybersecurity audit in the course of state control is proposed. The algorithm is a result of compiling international practices (standards) and requirements adopted in the Russian Federation, as well as requirements to the necessary tools - vulnerability analysis systems and support software (database management systems).

scholarly journals Improving information security: criminal-legal means of counteracting digital data leakage

2020 ◽  
Vol 6 (Extra-A) ◽  
pp. 222-229
Author(s):  
Liana Aleksandrovna Kamalieva ◽  
Irina Alexandrovna Kazakova ◽  
Sergey Leonidovich Nikonovich Nikonovich ◽  
Vitaly V. Goncharov ◽  
Maya Livson
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Criminal Law ◽  
Digital Data ◽  
Digital Information ◽  
Information Protection ◽  
Effective Protection ◽  
The World ◽  
The Russian Federation ◽  
Criminal Legislation

The purpose of this work is to assess the ability to resist the leakage of digital data using criminal legal means. The authors examine the extent of the phenomenon in question in the world and in particular in the Russian Federation. Thus, the current criminal legislation and legislation on information protection of the Russian Federation does not have effective mechanisms to counteract leaks of digital information, due to the lack of an independent criminal legal qualification of this act. This circumstance, according to the authors, negatively affects the state of information protection in the Russian Federation. The international experience of countering the leakage of protected information by legal means is studied. The authors develop a terminological apparatus that should be introduced into the norms of criminal law for a clear qualification of the act. Proposals are presented to improve the current criminal legislation and legislation on information protection, which allows for more effective protection of secured digital information by legal means.      

scholarly journals The Model of Information Security Control in State Information Systems

2019 ◽  
pp. 16-22
Author(s):  
Aleksey Babenko ◽  
Svetlana Kozunova
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Russian Federation ◽  
Formal Model ◽  
Cyber Attacks ◽  
Protection Measures ◽  
State Information ◽  
Security Breaches ◽  
The Russian Federation ◽  
Structural Failures

The control of information protection in state information systems is relevant due to the requirements of the legislation of the Russian Federation, to the value of the information processed in them, to its increasing role in the formation of the modern information society in the Russian Federation, as well as the increasing need for procedures for combining information flows of organizations and enterprises. The article deals with the issues related to the control of information security in state information systems. The analysis of works on this subject reveals a solution to particular problems. Therefore, an integrated formalized approach to solving the problem of protecting information in state information systems, taking into account their specifics, threats and requirements of regulators, is relevant. The information leaks, leakage channels in such systems, as well as threats to information security breaches in state information systems have been analyzed. The most likely threats are cyber-attacks, natural disasters, structural failures and human errors. A formalized model for managing information security in state information systems has been developed, which defines an effective set of protection tools in accordance with the requirements of technical protection measures that can be used to automate the process of monitoring. The formal model aimed at solving the problem of optimizing the used protection mechanisms in relation to the overlapping threats has been proposed. The prospects for the development of this study have been determined.

Sign in / Sign up

Export Citation Format

Share Document