DEFINING THE SEQUENCE OF INTEGRATING TRUSTWORTHINESS COMPONENTS INTO INFORMATION SECURITY SYSTEMS
DOI: https://doi.org/10.18372/2410-7840.25.18233

Keywords: trustworthiness, privacy, security, resilience, safety, information security systems

Abstract
The article explores the concept of trustworthiness as an approach to building information security systems, which helps to maintain trust in the information systems they protect. Key components of trustworthiness are identified and ranked: resilience, security, safety, privacy, and compliance. Attention is focused on the significance of the emergent interaction of these components, providing a justified percentage weight for each of them. Two approaches to creating trustworthy systems are considered: the integration of trustworthiness components into the system architecture at the design stage, and the adaptation of existing systems. The advantages and disadvantages of each approach are discussed in the context of implementation speed, cost-effectiveness, and alignment with the philosophy of trustworthiness.