National Security
Reference:

Tsaregorodtsev, A.V., Kachko, A.K. One of the approaches to the management of information security when developing information infrastructure of the organization.

Abstract: Modeling of information security threats and vulnerabilities is widely applied in foreign and Russian practice. The key shortcoming of the methods in use is the lack of a formalized description of conceptual solutions when forming information system projects. For this reason the author proposes to treat a specific type of description as a formalized model. This is an important stage in forming links between business requirements and the capabilities of information technologies. The author proposes to improve the existing solutions with an architecture comprising three key elements: modeling, an architectural component and a risk-analysis module.


Keywords:

military, information, threat, risks, management, business assets, business model, infrastructure, countermeasures.



