Selecting safety package components of enterprise information system following requirements of standard legal documents
Автор: Vitenburg E.A., Levtsova A.A.
Журнал: Вестник Донского государственного технического университета @vestnik-donstu
Рубрика: Информатика, вычислительная техника и управление
Статья в выпуске: 3 т.18, 2018 года.
Бесплатный доступ
Introduction. Production processes quality depends largely on the management infrastructure, in particular, on the information system (IS) effectiveness. Company management pays increasingly greater attention to the safety protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a safety enterprise information system are considered.Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object, and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis is resulted in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection of these threats, IS components and elements of the protection system is identified. The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results enable to validate the selection of the elements of the IS protection system.Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security.Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making under designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition of the components (subsystems).
Information system, information security, information security system, information security subsystems
Короткий адрес: https://sciup.org/142214960
IDR: 142214960 | DOI: 10.23947/1992-5980-2018-18-3-333-338