METHODS OF SYSTEM ANALYSIS IN THE FORMATION OF INFORMATION SECURITY POLICY ON TRANSPORT
DOI:
https://doi.org/10.28925/2663-4023.2021.13.8191Keywords:
informational security; methods of system analysis; criterion for evaluating the information security systemAbstract
Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components.
It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system.
An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed.
Downloads
References
How to Secure Apache Web Server with ModEvasive on Ubuntu 16.04. https://www.alibabacloud.com/blog/how-to-secure-apache-web-server-with-modevasive-on-ubuntu-16-04_594051
How to Set Up ModSecurity with Apache on Debian/Ubuntu. https://www.linuxbabe.com/security/modsecurity-apache-debian-ubuntu
How To Use Apache as a Reverse Proxy with mod_proxy on Ubuntu 16.04. https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-ubuntu-16-04
NanoPI R1 – FriendlyARM Wiki. http://wiki.friendlyarm.com/wiki/index.php/NanoPi_R1
Open Source Web Application Firewall for Better Security. https://geekflare.com/open-source-web-application-firewall/
WAF vs. Firewall: Web Application & Network Firewalls. https://www.fortinet.com/resources/cyberglossary/waf-vs-firewall
Web Application Architecture: How the Web Works. https://www.altexsoft.com/blog/engineering/web-application-architecture-how-the-web-works/
What is a Reverse Proxy Server? https://oxylabs.io/blog/reverse-proxy
What is a web application firewalll (WAF)? https://cybersecurity.att.com/blogs/security-essentials/explain-how-a-web-application-firewall-works
What is Web Application Architecture? Components, Models, and Types. https://hackr.io/blog/web-application-architecture-definition-models-types-and-more.
Raznytsa mezhdu obratnыm y priamыm proksy. https://ip-calculator.ru/blog/ask/raznitsa-mezhdu-obratnym-i-pryamym-proksi/
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.