DEVELOPMENT OF CYBERSECURITY AUDIT METHODOLOGY FOR STATE INFORMATION SYSTEMS RELATED TO SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURE OPERATING ON THE BASIS OF DATA CENTERS

2020, Vol 6 (1), pp. 22-30
Author(s):  
Vladimir R. An, Valeria A. Tabakaeva, Valentin V. Selifanov

The problem of developing a cybersecurity audit methodology for state information systems that are related to significant objects (SO) of critical information infrastructure (CII) and operate on the basis of data centers is considered. Under the applicable legislation, state control over such systems is exercised in accordance with Order No. 17 of the FSTEC of Russia dated February 11, 2013, "Requirements for the protection of information not constituting a state secret contained in state information systems." Many international and domestic recommendations and practices for conducting cybersecurity audits of information systems exist today, but they do not meet the existing and emerging requirements for the cybersecurity of SO CII in the Russian Federation and cannot be applied without significant adaptation. The authors identify the issues that must be resolved in order to develop an audit methodology; analyze the existing legislative and regulatory acts of the Russian Federation and of the federal executive bodies authorized in this area, the relevant methodological documents (MD) and standards, and the possible reasons for the current situation. An algorithm of possible actions for conducting a cybersecurity audit in the course of state control is proposed. The algorithm is the result of combining international practices (standards) with the requirements adopted in the Russian Federation, together with requirements for the necessary tooling: vulnerability analysis systems and their supporting software (database management systems).

Author(s):  
Ilia Pavlovich Mikhnev, Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation, within their legal status, in the field of ensuring the security of critical information infrastructure. The functions and powers of a number of federal executive bodies in the field of information security have changed. In particular, the Federal Security Service has been authorized, on the basis of a presidential decree, to create a state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation. However, not all of the corresponding rights and obligations are enshrined in law, and a number of powers give rise to a dual legal status for certain federal bodies of state power. Clear and unambiguous assignment of the rights and obligations of the state bodies authorized in the field of information security is a precondition for effectively ensuring the security of critical information infrastructure facilities.


Author(s):  
N.M. Kurbatov

The concept of critical information infrastructure is analyzed, together with the history of its formation and consolidation in Russian legislation. The article studies the experience of foreign countries in ensuring information security in general and in protecting critical infrastructure in particular. The relevance of the topic follows from the course taken by the Russian Federation toward developing the information society in the country, as well as from the need to protect the significant information systems and resources of state authorities. The author analyzes the terms that make up the definition of critical information infrastructure enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the regulatory legal acts under consideration are highlighted, and recommendations are given for the further development of the information security system for critical infrastructure.


Author(s):  
Andrey M. Tararin

The purpose of the study is to reveal the features of the development of information support for urban planning in the context of digital transformation. The article summarizes new material on the topic: the latest amendments to the Urban Planning Code of the Russian Federation and the relevant by-laws, and the prospects for implementing the national program "Digital Economy of the Russian Federation". The study provides a historical analysis of the development of information support for urban planning. Particular attention is paid to the creation, in the constituent entities of the Russian Federation, of state information systems for supporting urban planning with functions of automated information and analytical support for the exercise of powers in the field of urban development (GISFUD), and to the role of GIS technologies in their implementation. As a result of the study, a scheme of information interaction is proposed between GISFUD and other information systems, including the Federal State Information System of Territorial Planning, the Federal State Information System for maintaining the Unified State Register of Real Estate, the Federal Information Address System, the Unified State Register of expert conclusions on design documentation for capital construction facilities, and the State Information System for maintaining the Unified Electronic Cartographic Basis for the exchange of spatial data, in order to provide automated support for the exercise of powers in the field of urban planning. The article identifies the main trend in the digital transformation of urban planning activities: the transition to integrated services in the construction industry and the introduction of super services, together with the spread of information models of capital construction facilities and of 3D printing in construction. It gives recommendations on the parameters of digital transformation in urban planning.


Author(s):  
Artem Nikolaevich Gulemin

The object of this research is the public relations arising from the processing of information in the Unified Federal Information Register Containing Data on the Population of the Russian Federation. Besides the Federal Law "On the Unified Federal Information Register Containing Data on the Population of the Russian Federation", the subject of this research is legislation on personal data and legislation on critical information infrastructure. On the basis of the main formal and substantive aspects, the author defines the register as a variety of register-based information; substantiates the relevance of applying the principles of framework regulation of information law to the creation of the register; and raises the question of the need to recognize the information system that processes the data contained in the register as a significant object of critical information infrastructure. The novelty of this research lies in the fact that this article is one of the first works devoted to the legal security of the Unified Federal Information Register Containing Data on the Population of the Russian Federation. The following conclusions and proposals for improving legislation are formulated: 1) The principles of legal regulation that the legislation establishes for information as an object of legal regulation should be applied to the newly created register; any unauthorized action on a single register entry should be treated as a violation of the integrity of the entire object. 2) Owing to the critical importance of the data contained in the register, it is essential to establish confidentiality restrictions and to recognize the federal information system that processes the data contained in the register as a significant object of critical information infrastructure. 3) The text of the Law "On the Unified Federal Information Register Containing Data on the Population of the Russian Federation" should specify the responsibilities of the operator of the federal information system that maintains the federal register, including compliance with the requirements of the legislation on the security of critical information infrastructure. It is also necessary to clarify the provisions of the Decree of the Government of the Russian Federation that establishes the list of criteria for the significance of objects of critical information infrastructure of the Russian Federation and their values.


2019, Vol 6 (1), pp. 203-208
Author(s):  
Julia Isaeva, Valentin Selifanov

The need for conformity assessment of information security tools at significant objects of critical information infrastructure is demonstrated. Without a description of the required criteria for these information systems, threats can be realized that will lead to disruption of the functioning of significant objects.


Author(s):  
Павел Юрьевич Пушкин

The article analyzes the normative acts on the organization of processing and protection of personal data with respect to the location of the databases used in the information systems of Russian institutions in the scientific and educational sphere. Since 2015, the legislation of the Russian Federation has required that databases of personal data be located on the territory of the country. There are, however, cases in which personal data may be stored outside the country. The paper considers such exceptions as they apply to the activities of scientific and educational institutions. On the basis of an automated analysis of the register of personal data operators, the proportion of higher educational institutions that have provided information about the location of their databases, as required by Russian legislation, was determined. More than 24% of higher educational institutions did not provide such information, which may indicate a need to give the university operator community methodological assistance on the procedure for processing and protecting personal data. In the course of state control over the procedure for processing personal data, at the request of Roskomnadzor, it is necessary to submit, among other things, documents confirming that the personal data databases of the information systems are located within the borders of the Russian Federation. Recommendations are developed for the placement and documentation of the location of databases used in the information systems of scientific and educational institutions, both on the institutions' own IT infrastructure and on infrastructure provided by third parties.


2021, Vol 2, pp. 97-107
Author(s):  
Ya. O. Kuchina

A new article was introduced into the Criminal Code of the Russian Federation in 2017, establishing criminal liability for unlawful impact on the critical information infrastructure of the Russian Federation. However, there is still no established practice of applying this article, despite repeated statements by experts about the significant prevalence of crimes that encroach on the security of critical information infrastructure. The author of the article found one criminal case instituted on the grounds of a crime prohibited by Art. 274.1 of the Criminal Code. The article analyzes the legal issues of this provision, including the specifics of qualification under Part 1, Part 2 and Part 3 of Art. 274.1 of the Criminal Code. The concept of critical information infrastructure as an object of crime is considered, and suggestions are made about the features of qualification of such acts that will minimize law enforcement errors.
