Method of information security management systems behavior synthesizing
DOI: https://doi.org/10.18372/2410-7840.22.14982
Keywords: information security management systems, behavioral, behavior synthesizing, activity, interaction, state machine, SysML
Abstract
The behavior of information security management systems is determined by the activities undertaken to maintain the confidentiality, integrity, and availability of information in organizations. It is characterized by a sequence of risk management actions performed by the structural elements. The prerequisites for such activities have been established. Among them, the definition of external and internal factors of the organization's activities, the needs and expectations of stakeholders, the scope and limits of application of information security management systems, the establishment of acceptability criteria, and the selection of risk assessment methods are highlighted. Taking this into account, it is proposed to synthesize the behavior of information security management systems in three aspects. To do this, activity, sequence, and state machine diagrams in the SysML graphic notation are used. Each of these diagrams synthesizes behavioral features both of individual structural elements and of information security management systems as a whole. Activity diagrams specify behavior through a controlled sequence of actions. The characteristic feature of this specification is its orientation towards establishing the conditions under which the actions are performed. At the same time, objects are represented as the inputs and outputs of each action. The temporal features of the transmission and reception of objects between structural elements of information security management systems are reflected in the sequence diagram through their interactions. The basis of such interaction is the establishment of a sequence of message exchange. It is possible either between information security management systems and their environment or between structural elements at any level of the hierarchy. In this case, both structural elements and information security management systems are interpreted as individual entities, lifelines. The interaction between them is represented by the exchange of messages.
The change of states when certain conditions occur is reflected in the state machine diagram. Its use is aimed at describing behavior according to the “state–transition” scheme. This is accompanied by the creation and destruction of objects, changes to their attribute values, and the generation of messages between them. Therefore, the behavior is represented as the sequential traversal of the vertices of a finite automaton graph along its directed arcs. In this way, the activity features of information security management systems in organizations were established by synthesizing their behavior.