The Modeling of Processes of Design of Information Protection Systems in Financial Information Systems

封面

如何引用文章

全文:

开放存取 开放存取
受限制的访问 ##reader.subscriptionAccessGranted##
受限制的访问 订阅存取

详细

The relevance and necessity of implementing measures to protect information in banks, as well as in other organizations of the financial and credit sphere of activity is due to a number of reasons. Firstly, these are the requirements of regulators in the field of information security. For systems of this type, there are also requirements for information security measures, which are set out in GOST R 57580.1–2017. Secondly, it is the objective presence of threats of various nature that require mandatory neutralization and exist in many modern information systems. In order to ensure information security, the security mechanisms used in the banking sector should take into account such factors as a significant amount of processed information, the need to ensure correct, stable and trouble-free operation, the multi-user nature of access to information resources, and ensuring the security of managed equipment. It is particularly worth highlighting the fact that failures and errors in the operation of banking information systems can entail not only economic damage or negative social consequences. In general, ensuring the information security of banking facilities is one of the most important tasks currently being solved at the state level, since they directly affect the stability of its economy. These circumstances determine the relevance of writing the article. The purpose of writing this paper is to develop a set of models describing the features of organizational, legal and technical processes that must be performed in banking information systems. As a methodological basis for writing the work, GOST R 57580.1–2017, as well as regulatory legal acts of the FSTEC of Russia, which are in the public domain, were used. To describe the ongoing work that must be performed to ensure the protection of information in banking information systems, the methodology of functional graphical modeling IDEF0 was used. The result of the research presented in this paper is a set of graphical and symbolic models describing the processes performed at the stages of designing and functioning of the information security system in critical information infrastructures.

全文:

受限制的访问

作者简介

Yaroslav Prokushev

Plekhanov Russian University of Economics

编辑信件的主要联系方式.
Email: prokye@list.ru
ORCID iD: 0000-0002-7219-7581

Cand. Sci. (Econ.), Associate Professor; associate professor at the Department of Applied Informatics and Information Security

俄罗斯联邦, Moscow

Sergei Ponomarenko

Belgorod University of Cooperation, Economics and Law

Email: kaf-otzi-spec@bukep.ru

Cand. Sci. (Econ.), Associate Professor; Professor at the Department of Information Security Organization and Technology

俄罗斯联邦, Belgorod

Riyan Maksimov

Belgorod University of Cooperation, Economics and Law

Email: maksimov.riyan@mail.ru

postgraduate student at the Department of Information Security

俄罗斯联邦, Belgorod

参考

  1. Ponomarenko S.V., Prokushev Ya.Е., Ponomarenko S.A. Information security of critical information infrastructure systems. Monography. Belgorod: BUKEP, 2021. 133 p.
  2. Prokushev Ya.Е., Ponomarenko S.V., Ponomarenko S.A. The modeling of information security system design processes in state information systems. Computational Nanotechnology. 2021. Vol. 8. No. 1. Pp. 26–37. (In Rus.)
  3. Prokushev Ya.E., Ponomarenko S.V. Comparative analysis of software and hardware protection of information used in information systems of personal data. Information and Security. 2012. Vol. 15. No. 1. Pp. 31–36. (In Rus.)
  4. Prokushev Ya.Е., Ponomarenko S.V., Shishov N.V. The modeling of processes of design of information protection systems in critical information infrastructures. Computational Nanotechnology. 2022. Vol. 9. No. 2. Pp. 45–55. (In Rus.)
  5. Prokusheva A.P., Prokushev Ya.E. Modeling and optimization of the choice of software and hardware protection of information from the point of view of economic and technical expediency. Information and Security. 2012. Vol. 15. No. 1. Pp. 55–60. (In Rus.)
  6. Mattord H., Whitman M. Management of information security. 6th ed. Cengage Learning, 2019. 752 p.
  7. Rohit Tanwar. Information security and optimization. CRC Press, 2021. 224 p.
  8. Whitman M.E. et al. PRSCIiples of information security. 6th ed. Cengage Learning, 2017. 656 p.

补充文件

附件文件
动作
1. JATS XML
下载
2. Fig-1. The choice of information protection measures in financial organizations

下载 (354KB)
索引源数据
3. Fig. 2. Detailing the process of applying the information security system

下载 (296KB)
索引源数据
4. Fig. 3. The Ensuring of the protection of information during access control

下载 (333KB)
索引源数据
5. Fig. 4. Ensuring the protection of the computer network

下载 (319KB)
索引源数据
6. Fig. 5. То ensure the control of the integrity of the information infrastructure

下载 (290KB)
索引源数据
7. Fig. 6. То provide the layered protection against the viruses and malware

下载 (307KB)
索引源数据
8. Fig. 7. Modeling the process of preventing information leakage

下载 (277KB)
索引源数据
9. Fig. 8. The model of control of permitted information exchange channels

下载 (362KB)
索引源数据
10. Fig. 9. The simulation of the process of ensuring the protection of virtualization systems

下载 (287KB)
索引源数据
11. Fig. 10. Providing protection when using mobile devices

下载 (206KB)
索引源数据
12. Fig. 11. Detailed process of ensuring accounting and secure storage of events

下载 (236KB)
索引源数据


##common.cookie##