METHODS OF SYSTEM ANALYSIS IN THE FORMATION OF INFORMATION SECURITY POLICY ON TRANSPORT
DOI:
https://doi.org/10.28925/2663-4023.2021.12.5160Keywords:
informational security, methods of system analysis, criterion for evaluating the information security system.Abstract
Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed
Downloads
References
European Conference of Ministers of Transport (ECMT). http: // international transport forum.org/pub/pdf/06Europe-AsiaRU.pdf
Transport informatization: Best examples. http://www.cnews.ru/news/top/index.shtml?2013/02/11/518663
Volynskaya, A. V. (2004). Increasing the stability of information systems in the organization of production in transport: Author. dis. on sois. uch. step. Transport and transport-technological systems of the country, its regions and cities, organization of production in transport.
Lakhno, V.A. (2009). Ensuring the security of automated information systems of transport enterprises in the context of the growth of transit traffic. Book of Science Practitioners of the Viyskiy Institute of the Kiev National University for the Name of Taras Shevchenko, (21), 110–120.
Karpeev, D.O., Ostapenko, G.A., Belonozhkin, V.I. (2006). Risk management strategies in socio-technical information systems. Magazine "Information and Security, (2), 133-134.
Information Security Management. Audit Check List for SANS Electronic resource. / Electron, text data. and count. dan. www.sans.org / score / checklists / ISO17799checklist.pdf
The concept of the state program for the development of motor transport until 2014. http://www.ei.com.ua/news/363368-ukraina-razrabotala-koncepciju-gosprogrammy-razvitija-avtotransporta-do.html
The concept of the development of the transport and road complex (TDK) of Ukraine until 2015 and the subsequent period. http://www.uts.in.ua/ru/kontseptsiya_rozvytku_transportno-dorozhnogo_kompleksu_tdk_ ukray iny _ do_ 2015_roku_i_podals.html
Susanto H., Almunawar, M. N., & Tuan, Y. C. (2011). Information security management system standards: A comparative study of the big five. International Journal of Electrical Computer Sciences IJECSIJENS, 11(5), 23-29.
Eloff, J. H., & Eloff, M. (2003, September). Information security management: a new paradigm. In Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology (pp. 130-136).
Farn, K. J., Lin, S. K., & Fung, A. R. W. (2004). A study on information security management system evaluation-assets, threat and vulnerability. Computer Standards & Interfaces, 26(6), 501-513.
Lakhno, V. A. (2013). Problemy informatsiinoi bezpeky system dyspetcherskoho upravlinnia i zbyrannia danykh. Zbirnyk naukovykh prats Viiskovoho instytutu Kyivskoho natsionalnoho universytetu imeni Tarasa Shevchenka, (39), 168-175.
