RESEARCH OF METHODS FOR MONITORING THE LEVEL OF INFORMATION SECURITY AT CRITICAL INFORMATION INFRASTRUCTURE FACILITIES

Voprosy kiberbezopasnosti Pub Date : 1900-01-01 DOI:10.21681/2311-3456-2022-6-40-52

I. Livshitz, Andrew Baksheev

{"title":"RESEARCH OF METHODS FOR MONITORING THE LEVEL OF INFORMATION SECURITY AT CRITICAL INFORMATION INFRASTRUCTURE FACILITIES","authors":"I. Livshitz, Andrew Baksheev","doi":"10.21681/2311-3456-2022-6-40-52","DOIUrl":null,"url":null,"abstract":"Purpose of work is to analyze the existing practices of performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC), used to obtain objective and reliable data for operational security assessments of the CII objects and development of an IT-security audit model for CII objects. Research method: methods of analysis and structural decomposition from the theory of system analysis, identifying signs essential for optimizing the process of IT-security audit for CII objects. Research result: include the detailed analysis and comparison of the existing best practices for performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC) for CII objects. A model of IT-security audit for CII objects has been developed. Scientific novelty: an IT-security audit model for CII facilities, characterized by the possibility of a “dual” mode for a full cycle of ensuring the safety of CII facilities – a full national conditional mode and a combined conditional mode, which allows, if necessary, to include additional functional blocks","PeriodicalId":422818,"journal":{"name":"Voprosy kiberbezopasnosti","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Voprosy kiberbezopasnosti","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21681/2311-3456-2022-6-40-52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Purpose of work is to analyze the existing practices of performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC), used to obtain objective and reliable data for operational security assessments of the CII objects and development of an IT-security audit model for CII objects. Research method: methods of analysis and structural decomposition from the theory of system analysis, identifying signs essential for optimizing the process of IT-security audit for CII objects. Research result: include the detailed analysis and comparison of the existing best practices for performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC) for CII objects. A model of IT-security audit for CII objects has been developed. Scientific novelty: an IT-security audit model for CII facilities, characterized by the possibility of a “dual” mode for a full cycle of ensuring the safety of CII facilities – a full national conditional mode and a combined conditional mode, which allows, if necessary, to include additional functional blocks

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

关键信息基础设施信息安全水平监测方法研究

工作目的是分析执行安全分析和it -安全审计的现有实践(NIST, OWASP, Cobit, OSSTMM, PTES和GOST R ISO/IEC)，用于获取客观可靠的数据，用于CII对象的操作安全评估和CII对象的it -安全审计模型的开发。研究方法:从系统分析理论出发，采用分析和结构分解的方法，找出CII对象it安全审计流程优化所必需的标志。研究结果:包括对CII对象执行安全分析和it安全审计的现有最佳实践(NIST、OWASP、Cobit、OSSTMM、PTES和GOST R ISO/IEC)的详细分析和比较。已经开发了用于CII对象的it安全审计模型。科学新颖性:一种CII设施的it安全审计模式，其特点是在确保CII设施安全的整个周期中可能采用“双重”模式——一种完整的国家条件模式和一种组合条件模式，必要时允许包括额外的功能块

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Voprosy kiberbezopasnosti

自引率

0.00%

发文量