Method of informative-analytical support of information security management based on the system approach
DOI:
https://doi.org/10.18372/2410-7840.16.6508Keywords:
system approach to information security, model of relations between the components of an ISMS, data model for information security management, information security management method, information security management system, ISMSAbstract
Informative-analytical support of information security management based on the system approach is used to unite the heterogeneous security means and the forces of different security specialists in order to fulfil the strategic tasks of Ukraine’s national information security.
The model of logical and functional relations between the components of an information security management system (ISMS) is improved. The set of components named “Directions” is given a variable length. This provides the flexibility to the processes of analysis, prognostication and informative-analytical support for the decisions concerning information security.
For the first time the information security management system data model is developed, that provides concerted processing and storage of operational tasks, knowledge and information security risks under the incompleteness of information. The data is structured according to the improved model of logical and functional relations between the components of an ISMS.
For the first time the method of informative-analytical support for information security management is developed, which provides the system approach principles application in information security management. The method is based on the improved model of relations between the components of an ISMS, the developed information security management data model and the developed technique of current information security state estimation.
An example of the developed method application in Ukraine’s banking system is presented. Recommendations for the scientific and practical use of the developed models and method are provided.
References
Domarev V.V. Upravlinnya informatsiynoyu bezpekoyu v bankivskykh ustanovakh (Teoriya i praktyka vprovadzhennya standartiv seriyi ISO 27k) [Information security management in banking institutions (Theory and practice of ISO 27k standards implementation)]. Donetsk: «Welstar», 2012. 146 p.
Domarev D.V., Domarev V.V., Prokopenko S.D. Method of information system’s security level estimation using ISMS "Matrix". Zakhyst infotmatsiyi. 2013; 1(15): p. 80-86.
Domarev D.V., Domarev V.V. Method of information security management in banking institutions using ISMS "Matrix". Bezpeka informatsiyi. 2013; 1(19): p. 60-70.
Informatsiyni tekhnologiyi. Metody zakhystu. Systema upravlinnya informatsiynoyu bezpekoyu (ISO/IEC 27001:2005, MOD): GSTU SUIB 1.0/ISO/IEC 27001:2010 [Information technology – Security techniques – Information security management system (ISO/IEC 27001:2005, MOD): Branch standard of Ukraine ISMS 1.0/ISO/IEC 27002:2010]. Kyyiv: National bank of Ukraine, 2010. 49 p.
Informatsiyni tekhnologiyi. Metody zakhystu. Zvid pravyl dlya upravlinnya informatsiynoyu bezpekoyu (ISO/IEC 27002:2005, MOD): GSTU SUIB 2.0/ISO/IEC 27002:2010 [Information technology – Security techniques – Code of practice for information security management (ISO/IEC 27002:2005, MOD): Branch standard of Ukraine ISMS 2.0/ISO/IEC 27002:2010]. Kyyiv: National bank of Ukraine, 2010. 163 p.
Domarev V.V. Bezopasnost ynformatsyonnykh tekhnologyy. Systemnyy podkhod [IT security. The system approach]. Kyyiv: OOO “TID DS”, 2004. 992 p.
Domarev D.V. Application of semi-Markov processes in design and state description of information security systems. Systemy obrobky informatsiyi. 2009; 7(79): p. 19-24.
Domarev D.V. Mathematical description of computer network attacking processes. Problemy informatyzatsiyi ta upravlinnya. 2010; 1(29): p. 50-54.
Zgurovskyy M.Z., Pankratova N.D. Systemnyy analiz: problemy, metodologiya, prilozheniya [System analysis: problems, methodology, applications]. Kyyiv: “Naukova dumka”, 2011. 726 p.
Domarev D.V. Application of semi-Markov processes for heterogeneous computer networks modelling. IX Mizhnarodna naukova konferentsiya studentiv ta molodykh uchenykh “Polit” (IX International scientific conference of students and young scientists “Polit”). Kyyiv: “Nau-druk”, 2009, p. 267.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
