{"title":"ON MODELS AND METHODS OF PROBABILISTIC ANALYSIS OF INFORMATION SECURITY IN STANDARDIZED PROCESSES OF SYSTEM ENGINEERING","authors":"A. Kostogryzov","doi":"10.21681/2311-3456-2022-6-71-82","DOIUrl":null,"url":null,"abstract":"Purpose: rational and description of the methodological apparatus of system engineering in terms of risk prediction, taking into account the requirements for information protection. Research methods include: methods of probability theory, risk-oriented models for predictive analysis of standardized processes of system engineering. Result: interrelated models and methods systematized for use in the planning and implementation of standardized processes of system engineering are described. Their use makes it possible to analyze the impact of information security in terms of predicted risks. Methods and models are implemented in a set of system engineering standards and analytically support the effective implementation of agreement, organizational project- enabling, technical management and technical processes according to GOST R 57193 (ISO/IEC/IEEE 15288) in relation to systems for various purposes (a total of 30 processes). The proposed models and methods of system analysis of information security in standardized processes of system engineering develop established approaches to risk prediction, ensuring and improving system security. The use of the proposed models and methods in the life cycle of systems helps to identify «bottlenecks», rational ways to reduce risks in the implemented standardized processes, taking into account the requirements for information protection, supports the making decisions in analytical problems of system engineering. Scientific novelty: the proposed methodological apparatus develops the existing approaches to risk prediction, ensuring and improving systems security. The ideas are implemented in the national standards GOST R 59329 – GOST R 59357. They allow enterprises to move to the pragmatic implementation of a risk-based approach using the analytical capabilities of solving inverse problems of effective security control, based on the specified level of acceptable risk.","PeriodicalId":422818,"journal":{"name":"Voprosy kiberbezopasnosti","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Voprosy kiberbezopasnosti","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21681/2311-3456-2022-6-71-82","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Purpose: rational and description of the methodological apparatus of system engineering in terms of risk prediction, taking into account the requirements for information protection. Research methods include: methods of probability theory, risk-oriented models for predictive analysis of standardized processes of system engineering. Result: interrelated models and methods systematized for use in the planning and implementation of standardized processes of system engineering are described. Their use makes it possible to analyze the impact of information security in terms of predicted risks. Methods and models are implemented in a set of system engineering standards and analytically support the effective implementation of agreement, organizational project- enabling, technical management and technical processes according to GOST R 57193 (ISO/IEC/IEEE 15288) in relation to systems for various purposes (a total of 30 processes). The proposed models and methods of system analysis of information security in standardized processes of system engineering develop established approaches to risk prediction, ensuring and improving system security. The use of the proposed models and methods in the life cycle of systems helps to identify «bottlenecks», rational ways to reduce risks in the implemented standardized processes, taking into account the requirements for information protection, supports the making decisions in analytical problems of system engineering. Scientific novelty: the proposed methodological apparatus develops the existing approaches to risk prediction, ensuring and improving systems security. The ideas are implemented in the national standards GOST R 59329 – GOST R 59357. They allow enterprises to move to the pragmatic implementation of a risk-based approach using the analytical capabilities of solving inverse problems of effective security control, based on the specified level of acceptable risk.
目的:考虑到信息保护的要求,从风险预测的角度对系统工程的方法设备进行理性和描述。研究方法包括:概率论方法、面向风险的系统工程标准化过程预测分析模型。结果:描述了系统工程标准化过程的规划和实施中使用的相关模型和方法。它们的使用使得根据预测的风险来分析信息安全的影响成为可能。方法和模型在一套系统工程标准中实施,并根据GOST R 57193 (ISO/IEC/IEEE 15288),分析支持协议、组织项目启用、技术管理和技术过程的有效实施,这些过程与各种目的的系统(总共30个过程)有关。提出了系统工程标准化过程中信息安全系统分析的模型和方法,建立了风险预测、保障和提高系统安全性的方法。在系统生命周期中使用所建议的模型和方法有助于识别“瓶颈”,在实施的标准化过程中合理地减少风险,考虑到信息保护的要求,支持在系统工程的分析问题中做出决策。科学新颖性:提出的方法装置发展了现有的风险预测方法,确保和提高系统安全性。这些想法在国家标准GOST R 59329 - GOST R 59357中得到了实施。它们允许企业根据指定的可接受风险级别,使用解决有效安全控制的逆向问题的分析能力,转向基于风险的方法的实用实现。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
