Receipt date: 
Bibliographic description of the article: 

Nasedkin P.N. Analysis Of The Demand For Components Of The Level Of Software And Hardware Solutions Of The Enterprise In Terms Of Providing Basic Requirements For Information Security. // Informacionnye tehnologii i matematicheskoe modelirovanie v upravlenii slozhnymi sistemami: ehlektronnyj nauchnyj zhurnal [Information technology and mathematical modeling in the management of complex systems: electronic scientific journal], 2022. No. 2(14). P. 50-64. – DOI: 10.26731/2658-3704.2022.2(14).50-64 [Accessed 30/06/22]

Journal number: 


Article File: 

In this paper, based on the results of the assessment of the objects of protection of the IT infrastructure of the enterprise in the context of information properties (confidentiality, integrity and availability), the analysis of the demand for components of the level of software and hardware solutions (SHS) of a comprehensive information protec-tion system (СIPS) of the enterprise in terms of the basic requirements for information security (IS). In accordance with the value of the objects of protection (OP) the shares of participation of functionality of complexes of SHS level in the overall structure of all subsystems of CIPS and in the context of each subsystem in particular were determined. Based on the results obtained, the relevant charts and tables were built, which serve as a visual tool for grouping the demand for the components in the structure of CIPS SHS level and identifying bottlenecks in the IS of the enterprise.

List of references: 
  1. 1. Key areas of activity of the Government of the Russian Federation for the period up to 2024 [Electronic resource].  - URL: (Accessed: May 01, 2022) (in Russ.).

    2. P. N. Nasedkin, L. V. Arshinsky, and N. I. Glukhov. Primenenie nechyotkogo prisoedinyonnogo logicheskogo vyvoda v ocenke effektivnosti  funkcionirovaniya kompleksnoj sistemy zashchity informacii predpriyatij [Application Of Fuzzy Connected Logical Inference In Assessing The Effectiveness Of Functioning Of Complex Information Security System Of Enterprises]. Teoreticheskie i prikladnye voprosy realizacii proektov v oblasti informacionnoj bezopasnosti. Materialy mezhvuzovskoj nauchno-teoreticheskoj konferencii (v ramkah Si-birskogo foruma «Informacionnaya bezopasnost' – 2021»), 29 noyabrya – 3 dekabrya 2021. — Novosibirsk : Sibirskij gosudarstvennyj universitet telekommunikacij i informatiki [Theoretical and applied issues of information security projects implementation. Proceedings of the Interuniversity Scientific and Theoretical Conference (within the Siberian Forum "Information Security - 2021"), November 29 - December 3, 2021. - Novosibirsk : Siberian State University of Telecommunications and Informatics], 2021. — pp. 42-52.

    3. Glukhov N. I., Nasedkin P.N. Razrabotka elementov kompleksnoj sistemy zashchity informacii predpriyatiya [Development of elements of an integrated information protection system of the enterprise]  Informacionnye tekhnologii i problemy matematicheskogo modelirovaniya slozhnyh system [Information technologies and problems of mathematical modeling of complex systems]. Irkutsk, IrGUPS, 2011, no. 1(9), pp. 35-42.

    4.  GOST R ISO/EC 27004-2021. Information technologies (IT). Methods and means of ensuring security. Management of information security. Monitoring, security assessment, analysis and evaluation [Electronic resource].  - URL: (Accessed: May 01, 2022) (in Russ.).

    5.  GOST R ISO/MECH 27005-2010. Information technology. Methods and means to ensure security. Risk management of information security. [Electronic resource].  - URL: (Accessed: May 01, 2022) (in Russ.).

    6. Pols, Paul The Unified Kill Chain. Cyber Security Academy [Electronic resource].  - URL: (accessed 18.04.2022).

    7. ATT&CK Matrix for Enterprise [Electronic resource].  - URL: (Accessed: April 18, 2022) (in Russ.).

    8.  What MITRE techniques ATT&CK reveals PT NAD [Electronic resource].  - URL: (Accessed: April 18, 2022) (in Russ.).

    9.  Data bank of information security threats of FSTEC of Russia [Electronic resource].  - URL: (Accessed: April 18, 2022) (in Russ.).

    10. Il’chenko L. M., Bragina E. K., Egorov I. E., Zaitsev S. I. Raschet riskov informatsionnoi bezopasnosti telekommunikatsionnogo predpriiatiia. Otkrytoe obrazovanie [Calculation of information security risks of a telecommunications enterprise. Open Education], 2018, No. 2, pp. 61-70, DOI: 10.21686/1818-4243-2018-2-61-70.

    11. Guidance document. Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection // Collection of guiding documents on information protection from unauthorized access. - Moscow: State Technical Committee of the Russian Federation, 1998. - pp. 17-44. (in Russ.).

    12. Arshinskiy, L.V. Logiko-aksiologicheskiy podhod r otsenke sostoyania system [Logical-

    axiological approach to the systems state estimation (in Russian)] // So-time technologies. System analysis. Modeling. Irkutsk: IrGUPS. 2013. № 3(39). pp. 140-146.

    13. Arshinskiy, L.V. Metodika agregirovannogo otsenivania system s podderzhekoy klyuchevih komponentov [A technique of the aggregate estimation of the systems with the key components support] // Design ontology. 2015. Т. 5. № 2 (16). pp. 223-232.

    14. Arshinskiy V.L.,  Arshinskiy L.V.,  Dorzhsuren  H. Otsenka kachestva fukzionirovanya stanzii Ulan-Batorskoy xhelexnoy dorogi na osnove ontologicheskogo I produktivnogo modelirovanya [Quality  estimation  of Ulan Bator  railroad  station  functioning  on the  basis  of

    ontological and production modeling]// Modern high technology, 2018, ¹ 5. pp. 16-20.