Infokommunikacionnye tehnologiiInfokommunikacionnye tehnologii2073-3909Povolzhskiy State University of Telecommunications and Informatics5623510.18469/ikt.2017.15.4.02Research ArticleINTEGRATED ASSESSMENT OF INFORMATION SECURITY REQUIREMENTS IMPLEMENTATION IN AUTOMATED CONTROL SYSTEMS INTENDED FOR PRODUCTION AND TECHNOLOGICAL PROCESSESVasilyevVladimir Ivanovichvasilyev@ugatu.ac.ruVulfinAleksey Mikhailovichvulfin.alexey@gmail.comGuzairovMurat Bakeevichguzairov@ugatu.suKirillovaAnastasia Dmitrievnakirillova.andm@gmail.comUfa State Aviation Technical University1512201715431932520122020Copyright © 2017, Vasilyev V.I., Vulfin A.M., Guzairov M.B., Kirillova A.D.2017The goal of this paper is the further development of the mentioned approach in the form of engineering technique of evaluating the information security requirements fulfillment in automated systems using fuzzy logic methods and expert estimates. The procedure of determining the level of significance (criticality) of processed information on the basis of fuzzy rule set which accounts for possible detriments caused by violating the integrity, availability or confidentiality is proposed. After determining the information significance (criticality) level and the corresponding system security class, the evaluation of the real system security level compliance to the requirements established by the Federal Service of Technical and Export Control Order No. 31 is performed. These requirements determine the basic set of organizational and technical measures of information protection for each class of the system security. The local and group completeness indices are calculated using experts polling method according to the recommended measures of information protection. In addition to the obtained estimates of the group indices, the integral estimates of information security requirements fulfillment characterizing the average value and the spread in the values of the group indices are shown. The example illustrating the specifics of applying this technique to designing the secured automated control system is considered.automated control systeminformation securityInformation importance (criticality) levelprotection classавтоматизированная система управлениязащита информацииуровень значимости (критичности) информациикласс защищенности[Ландшафт угроз для систем промышленной автоматизации. Второе полугодие 2016 г. URL: https://ics-cert.kaspersky.ru/reports/2017 /03/28/threat-landscape-for-industrial-automa-tion-systems-in-the-second-half-of-2016/ (д.о. 17.07.2017).][Зинина О. Анализ угроз информационной безопасности 2016-2017. URL: https://www.anti-malware.ru/analytics/Threats _Analysis/Analysis_information_security_threats_2016_2017 (д.о. 17.07.2017).][WannaCry в промышленных сетях: работа над ошибками. URL: https://ics-cert.kaspersky.ru/reports/2017/06/08/wannacry-in-industrial-networks/ (д.о. 17.07.2017).][European Programme for Critical Infrastructure Protection. URL: https://ec.europa.eu/energy /en/topics/infrastructure/protection_critical_infrastructure (д.о. 20.08.2017).][ICS456: Essentials for NERC Critical Infrastructure Protection. URL: https://www.sans. org/course/essentials-for-nerc-critical-infrast-ructure-protection (д.о. 20.08.2017).][ISA/IEC 62443 Industrial Automation and Control Systems Security. URL: https://www.isa.org/isa99 (д.о. 20.08.2017).][NIST SP 800-82 Guide to Industrial Control Systems Security. URL: http://csrc.nist.gov/ publications/nistpubs/800-82/SP800-82-final. pdf (д.о. 20.08.2017).][Об утверждении «Требований к обеспечению защиты информации в автоматизированных системах управления производственными и технологическими процессами на критически важных объектах, представляющих повышенную опасность для жизни и здоровья людей и для окружающей среды». Приказ ФСТЭК России №31 от 14.03.2014. // Российская газета, 2014.][Защита АСУ ТП в России: исследуем новые требования ФСТЭК / Сопоставление требований ФСТЭК от 14 марта 2014 г. №31 с требованиями международных стандартов. URL: https://ptsecurity.com/upload/corporate /ru/download/FSTEC_N31_NERK_NIST_ISA_IEC.pdf (д.о. 17.07.2017).][Зак Ю.А. Принятие решений в условиях нечетких и размытых данных: Fuzzy-технологии. М.: Книжный дом «ЛИБРОКОМ», 2013. - 352 с.]