Receipt date: 01.06.2020
Year: 2020
Journal number: 
UDC: 004.056.5
DOI: 10.26731/2658-3704.2020.2(7).24-31
Pages: 24-31
Abstract: 

In this paper, ontological models are constructed for managing the information risks and information security (IS) of business entities, based on the relationships between the basic concepts in the field of enterprise information security. The paper determines the list of the main objects of enterprise protection; the composition and structure of the enterprise management information system (EMIS), its information systems and information flows; the types and levels of information processed by the EMIS; and the technical protection measures, from which the main set of information protection means and their interconnections are derived. It also identifies the main relationships of the ontological models for information security and information risk management. In the future, consideration and analysis of these models will allow optimally sufficient managerial decisions to be taken to minimize threats and to obtain prognostic estimates of the level of possible damage, taking into account the sources and properties of information in the context of each information asset, using various methods of assessing information security risks (qualitative, quantitative, hybrid).
