10.26731/2658-3704.2021.3(11).59-66
This article examines the ontological model of information flow management in the enterprise, taking into account the levels of confidentiality and for the first time proposed a general ontology in terms of the main basic concepts and their relationships affecting the determination of the negative consequences and assessment of the criticality of information and/or information asset of the enterprise.
As a result of the study, considered in this work ontological model of information flow management in the enterprise, taking into account the levels of confidentiality can be further laid down in the basis of a comprehensive assessment of information security enterprise and get an aggregate assessment of the effectiveness of information protection at the enterprise.
1.
1. Federal Law No. 98-FZ of 29.04.2004 «O kommrcheskoy tayne» [«On Commercial Secrets»].
2. Federal Law No. 149-FZ dated 27.07.2006 «O Informazii, Informazionyh Technologiah i ozachite informazii» [«On Information, Information Technologies and Information Protection»].
3. Federal Law dated 27.07.2006 No. 152-FZ «O personalnyh dannyh [«On Personal Data»].
4. Federal Law No. 187-FZ of 26.07.2017 «O bezopasnoti kriyicheskoy informazionnoy infrastructury Rossiyskoy Federazii» [«On Security of Critical Information Infrastructure of the Russian Federation»].
5. Order of the FSTEC of Russia No. 17 dated 11.02.2013 «Ob utverzhdenii Trebovaniy о zashite informatsii, ne sostavlayushei gosudarstvennuyu tainu, soderzhasheisya v gosudarstvennih informatsiohnnyh sistemah» [«On Approval of the Requirements for the Protection of information that does not constitute a State secret contained in State Information Systems»].
6. Order of the FSTEC of Russia No. 21 of 18.02.2013 «Ob utverzhdenii Sostava i soderzhaniya organizatsionnyh i technicheskih mer po obespecheniyu bezopasnosti personalnih dannih pri ih obrabotke v informatsionnyh sistemah personalbyh dannyh» [«On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems»].
7. Glukhov N.I. Otsenka informazionnyh riskov predriatia: a textbook [Assessment of information risks of the enterprise]/Irkutsk: IrGUPS, 2013. - 148 pp.
8. ISO/IEC TR 13335 Information technology - Guidelines for the management of IT security.
9. Arshinskiy, L.V. Logiko-aksiologicheskiy podhod r otsenke sostoyania system [Logical-axiological approach to the systems state estimation (in Russian)] // So-time technologies. System analysis. Modeling. Irkutsk: IrGUPS. 2013. № 3(39). pp. 140-146.
10.Arshinskiy, L.V. Metodika agregirovannogo otsenivania system s podderzhekoy klyuchevih komponentov [A technique of the aggregate estimation of the systems with the key components support] // Design ontology. 2015. Т. 5. № 2 (16). pp. 223-232.
11. Arshinskiy V.L., Arshinskiy L.V., Dorzhsuren H. Otsenka kachestva fukzionirovanya stanzii Ulan-Batorskoy xhelexnoy dorogi na osnove ontologicheskogo I produktivnogo modelirovanya [Quality estimation of Ulan Bator railroad station functioning on the basis of ontological and production modeling]// Modern high technology, 2018, ¹ 5. pp. 16-20.
12. Konev, A.A. Podhod k opisanyu strucruty sistemi zachity infirmazii [Approach to the information protection system structure description] / A.A. Konev, E.M. Davydova // TUSUR reports. - – 2013. - – № 2(28). - – pp. 107–111.
13. Shangin V. F. Kompeksnaya zachita informazii v korporativnyh sistemah: a training manual [Comprehensive protection of information in corporate systems]/ Moscow: Forum, Infra-M, 2010. 592 p.ISBN 978-5-16-003746-2.