Integrated assessment of information security requirements implementation in automated control systems intended for production and technological processes

The goal of this paper is the further development of the mentioned approach in the form of engineering technique of evaluating the information security requirements fulfillment in automated systems using fuzzy logic methods and expert estimates. The procedure of determining the level of significance (criticality) of processed information on the basis of fuzzy rule set which accounts for possible detriments caused by violating the integrity, availability or confidentiality is proposed. After determining the information significance (criticality) level and the corresponding system security class, the evaluation of the real system security level compliance to the requirements established by the Federal Service of Technical and Export Control Order No. 31 is performed. These requirements determine the basic set of organizational and technical measures of information protection for each class of the system security. The local and group completeness indices are calculated using experts polling method according to the recommended measures of information protection. In addition to the obtained estimates of the group indices, the integral estimates of information security requirements fulfillment characterizing the average value and the spread in the values of the group indices are shown. The example illustrating the specifics of applying this technique to designing the secured automated control system is considered.