Journal "Highly available systems", No. 3, 2013
Article in issue:
The semantic description of factors of safety of information systems at design of systems of protection
Keywords:
ontology
business process
model of threats
model of the violator
protection system
mechanisms and means of protection
Authors:
O.V. Lukinova - Research Scientist, Institute of control V.A. Trapeznikova RAS. E-mail: lobars@mail.ru
Abstract:
The area of scientific knowledge concerned with structural modeling of the concepts of a subject domain such as information security has hardly been investigated by experts. Only in the last year or two has some work appeared in this direction.
In this work, the following classes of concepts relating to the organization of protection of information systems in the form of software and hardware complexes are identified and presented using the formalism of ontologies:
1. The business model, as a set of automated business processes built in a network environment, which are the objects of protection.
2. The security criteria, describing the quality of security that the information system has to possess.
3. The threat model, including such concepts as vulnerabilities of the information environment in which the business process is implemented, the violator, and possible attacks.
4. The protection system, which is a complex of hardware and software protection tools that, in turn, implement particular mechanisms ensuring the security of the object of protection.
5. The risks borne by the enterprise if the security of its business processes is breached through the realization of information threats.
The presented ontology helps solve several problems: it can serve as a basis for semantic uniformity of information security concepts, and it can be used as a data model for an information retrieval system and as a fact base for logical inference in the automated design of protection systems.
Pages: 149-156