Model of parameters for identification of functional security profile in computer systems
DOI: https://doi.org/10.18372/2225-5036.25.13844
Keywords: IISS state examinations, functional security profile, information security criteria, computer systems
Abstract
One of the key tasks of a state examination is identifying the functional security profile (FSP). During the examination, the types of information processed and the risks of its loss, modification or disclosure are evaluated. For this purpose an FSP is built, which contains the lists and levels of the functional security services (FSS) required to ensure an acceptable level of information security. To determine completeness and consistency, the rules for constructing the FSP must be taken into account, and automating this process depends on those rules. The FSP itself is a key element of state examinations, and analysing its compliance with a regulatory document is one of the most important tasks. Solving the FSP identification problem requires: determining the levels of FSS implemented in the integrated information security systems (IISS) of the object of examination; determining the completeness and consistency of the profile; and identifying the descriptions of the FSS in the source documents. With this in mind, a model of parameters was proposed for identifying the FSP in computer systems (CS). Definitions are given for the sets of information security criteria, their elements and levels. This set-theoretic representation of the criteria sets, their elements and corresponding levels made it possible to formally construct the set of values needed to carry out FSP identification in a CS. The next step in this work is the development of a method for identifying the FSP. This will automate the process of determining the requirements of the regulatory document regarding protection functions (security services) and guarantees.