FORMATION OF A MODEL OF INFORMATION SECURITY POLICY BASED ON THE “DEFENSE-IN-DEPTH” CONCEPTS

PDF (Українська)

Keywords

concept of
information protection
information security policy
information security
model of formation of information security policy
threats

How to Cite

Diachkov, D. V. (2019). FORMATION OF A MODEL OF INFORMATION SECURITY POLICY BASED ON THE “DEFENSE-IN-DEPTH” CONCEPTS. Entrepreneurship and Trade, (25), 116-121. https://doi.org/10.36477/2522-1256-2019-25-17

Abstract

The article substantiates the importance of building an effective information security policy for the subjects of makro- and micro levels in the context of informatization of world economic processes. The purpose of the article was to analyze the existing models of information security policy formulation and to develop the model of information security policy based on the combination of the " defense-in-depth " and "mind map" concept . The tasks of the article were solved using the following general scientific and special methods of research: analysis and synthesis, systematization and generalization, dialectical approach. The traditional and the latest models of information security policy formation were considered, the main ones being: Bell-LaPadula model, Biba model, Clark-Wilson model, discretionary (matrix) model, Adept-50 model, MITER ATT & CK ™ model, " Diamond model ", model" The pyramid of pain ". Their advantages to disadvantages were determined. A model of information security policy formation based on the "defense-in-depth" and "mind map" concepts was proposed. The concept of "defense-in-depth" is that information security mechanisms are stratified and thus increase the security of the system as a whole.The concept was proposed that information security mechanisms were stratified, and thus increase the security of the system as a whole. The "defense-in-depth" concept defines three levels of information security organization: physical, technical, administrative. At the same time, this model includes many components: personnel (people), technology, operating system, monitoring and various aspects of security as key components of information security. The proposed model was formalized in the form of a "mind map", which organizes the main categories from both organizational and technical aspects of protection and, at the same time, takes into account the functionality of key elements: people, policy, monitoring and security indicators. The model of information security policy, based on the concept of "defense-in-depth", recommends focusing on all levels and areas of information resources protection, and the use of "mind map" will allow to define and select that set of procedures, rules and tools that will provide the most appropriate and optimal information security policy.

https://doi.org/10.36477/2522-1256-2019-25-17
PDF (Українська)

References

Богомолов С. А. Модели типовых политик безопасности. - 2016 URL: https://infourok.ru/lekciya-po-zaschite-informacii-modeli-bezopasnosti-927637.html (дата звернення 12.12.2019 р.).

Зегджа Д. П. Основы безопасности информа-ционных систем / Зегджа Д. П., Ивашко А. М. - М. : Горячая линия – Телеком, 2000. – 452 с.

Мельник М. О. Аналіз побудови моделі полі-тики інформаційної безпеки підприємства / Мель-ник М. О., Нікітин Г. Д., Мезенцева К. О. // Системи обробки інформації. – 2017. – Вип. 2(148). – С. 126-128.

Милославская Н. Г. Интрасети: доступ в Internet, защита : учебное пособие для вузов / Мило-славская Н. Г., Толстой А. И. – М. : ЮНИТИ – ДАНА, 2000. – 527 с.

Модели в информационной безопасности. URL: https://habr.com/ru/post/467269/ (дата звернення 19.12.2019 р.).

Петров А. А. Компьютерная безопасность. Криптографические методы защиты информации / Петров А. А. – М. : ДМК, 2000. – 448 с.

Ревнивых А. В. Обзор политик информацион-ной безопасности / Ревнивых А. В., Федотов А. М. // Вестник НГУ. Серия: Информационные технологии. – 2012. – №3. URL: https://cyberleninka.ru/article/n/obzor-politik-informatsionnoy-bezopasnosti (дата звернення 15.12.2019 р.).

Степанов В. Ю. Інформаційна безпека як складова державної інформаційної політики / Степа-нов В. Ю. // Державне будівництво. – 2016. – № 2. URL: http://www.kbuapa.kharkov.ua/e-book/db/2016-2/doc/1/02.pdf (дата звернення 15.12.2019 р.).

Чуруброва С. М. Політика інформаційної без-пеки в системах інформаційно-аналітичного забез-печення підтримки прийняття організаційних рі-шень / Чуруброва С. М. // Проблеми програмування. –2016. – № 4. – С. 97-103.

Ярочкин В. И. Служба безопасности ком-мерческого предприятия / Ярочкин В. И. – М. : Ось-89, 1995. – 144 с.

Caballero A. Information security essentials for it managers: protecting mission-critical systems. Syngress, 2013. URL : https://booksite.elsevier.com/samplechapters/9781597495332/02~Chapter_1.pdf (дата звернення 19.12.2019 р.).

Defense in Depth: A Practical Strategy for Achieving Information Assurance in Today’s Highly Networked Environments. National Security Agency, Information Assurance Solutions Group – STE 6737.

REFERENCES

Bohomolov, S. A. (2016), Modely typovykh polytyk bezopasnosty, available at: https://infourok.ru/lekciya-po-zaschite-informacii-modeli-bezopasnosti-927637.html (data zvernennia 12.12.2019 r.).

Zehdzha, D. P. and Yvashko, A. M. (2000), Osnovy bezopasnosty ynformatsyonnykh system, Horiachaia lynyia – Telekom, M., 452 s.

Mel'nyk, M. O. Nikityn, H. D. and Mezentseva, K. O. (2017), Analiz pobudovy modeli polityky informatsijnoi bezpeky pidpryiemstva, Systemy obrobky informatsii, vyp. 2(148), s. 126-128.

Myloslavskaia, N. H. and Tolstoj, A. Y. (2000), Yntrasety: dostup v Internet, zaschyta : uchebnoe posobye dlia vuzov, YuNYTY – DANA, M., 527 s.

Modely v ynformatsyonnoj bezopasnosty, available at: https://habr.com/ru/post/467269/ (data zvernennia 19.12.2019 r.).

Petrov, A. A. (2000), Komp'iuternaia bezopasnost'. Kryptohrafycheskye metody zaschyty ynformatsyy, DMK, M., 448 s.

Revnyvykh, A. V. and Fedotov, A. M. (2012), Obzor polytyk ynformatsyonnoj bezopasnosty, Vestnyk NHU. Seryia: Ynformatsyonnye tekhnolohyy, №3, available at: https://cyberleninka.ru/article/n/obzor-politik-informatsionnoy-bezopasnosti (data zvernennia 15.12.2019 r.).

Stepanov, V. Yu. (2016), Informatsijna bezpeka iak skladova derzhavnoi informatsijnoi polityky, Derzhavne budivnytstvo, № 2, available at: http://www.kbuapa.kharkov.ua/e-book/db/2016-2/doc/1/02.pdf (data zvernennia 15.12.2019 r.).

Churubrova, S. M. (2016), Polityka informatsijnoi bezpeky v systemakh informatsijno-analitychnoho zabezpechennia pidtrymky pryjniattia orhanizatsijnykh rishen', Problemy prohramuvannia, № 4, s. 97-103.

Yarochkyn, V. Y. (1995), Sluzhba bezopasnosty kommercheskoho predpryiatyia, Os'-89, M., 144 s.

Caballero A. (2013), Information security essentials for it managers: protecting mission-critical systems. Syngress, available at : https://booksite.elsevier.com/samplechapters/9781597495332/02~Chapter_1.pdf (data zvernennia 19.12.2019 r.).

Defense in Depth: A Practical Strategy for Achieving Information Assurance in Today's Highly Networked Environments. National Security Agency, Information Assurance Solutions Group – STE 6737.