Journal: Highly Available Systems, No. 3, 2016
Article in this issue:
Information security of electronic trading platforms. Part 1. The role of human factors
Keywords:
electronic trading platforms
information security
automated information systems
auction
personnel training
Authors:
G.P. Akimova - Ph. D. (Eng.), Leading Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow)
E-mail: akimova@isa.ru
A.Yu. Danilenko - Ph. D. (Phys.-Math.), Head of Laboratory, Institute for Systems Analysis of FRC CSC RAS (Moscow)
E-mail: danilenko@isa.ru
M.A. Pashkin - Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow)
E-mail: pashkin@isa.ru
E.V. Pashkina - Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow)
E-mail: pashkina@isa.ru
A.A. Podrabinovich - Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow)
E-mail: podrabinovich@isa.ru
Abstract:
Under current legislation a significant share of procurement procedures, both public and commercial, is carried out in electronic form. To support this interaction, separate legal entities equipped with the appropriate hardware and software are organized; they are called electronic trading platforms (ETPs). Because the information systems of these organizations process confidential information (trade secrets as well as personal data), the information assets must be reliably protected, that is, the confidentiality, integrity and availability of all data must be ensured.
It follows from the business logic that, of the known access control models (discretionary, role-based and mandatory), the preferred one in this case is the role-based model supplemented by elements of the discretionary principle: for most data objects the permitted actions are available not to all employees of accredited organizations, but only to the employees of the specific supplier or customer organization that the object belongs to.
The security features built into the ETP's automated information system cannot by themselves reliably ensure data security without the development and strict implementation of a set of organizational and technical measures. This set should cover more than one category: selection and training of personnel, physical security of premises and computers, measures against unauthorized access to computing equipment (locking workstations, monitoring occupancy of premises), documentation of all aspects of system operation, and so on.
Note that ETP end users are not experts in electronic trading or information security; they represent very different professions unrelated to computer technology. Training of ETP users, by both in-person and distance learning, is therefore of paramount importance.
Note also that the skills and personal qualities of ETP employees, especially system administrators and security administrators, are of paramount importance for the normal functioning of all ETP hardware and software. The heads of platforms therefore organize continuous training of their staff, and technical support of ETP staff by the software developers is very important here, since the software is regularly revised to correct errors and at the request of ETP management, including because of changes in the regulatory framework.
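The access control model described in the abstract, a role layer that says what a customer or supplier may do in principle and a discretionary layer that restricts each action to objects owned by, or explicitly shared with, the employee's own organization, can be illustrated with a small policy check. The following is an added example written for this page, not code from the article or from any real ETP; the roles, object kinds, actions and the rule that published notices are readable by every accredited organization are assumptions chosen to show the two layers working together.

```python
from dataclasses import dataclass, field
from enum import Enum, auto


class Role(Enum):
    CUSTOMER = auto()   # employee of a purchasing organisation
    SUPPLIER = auto()   # employee of a bidding organisation
    OPERATOR = auto()   # ETP staff who run the platform


@dataclass(frozen=True)
class User:
    login: str
    org_id: str         # accredited organisation the employee belongs to
    roles: frozenset


@dataclass
class DataObject:
    obj_id: str
    kind: str           # "procurement" or "bid"
    owner_org: str      # organisation that created the object
    published: bool = False  # assumed rule: published notices are readable by all accredited orgs
    grants: dict = field(default_factory=dict)  # discretionary layer: org_id -> set of actions


# Role layer: (object kind, action) pairs a role may perform at all.
ROLE_PERMISSIONS = {
    Role.CUSTOMER: {("procurement", "create"), ("procurement", "read"),
                    ("procurement", "edit"), ("bid", "read")},
    Role.SUPPLIER: {("procurement", "read"), ("bid", "create"),
                    ("bid", "read"), ("bid", "edit")},
    Role.OPERATOR: {("procurement", "read"), ("bid", "read")},
}


def role_allows(user, kind, action):
    """True if at least one of the user's roles permits the action on this kind of object."""
    return any((kind, action) in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def is_permitted(user, obj, action):
    # 1. Role check: the role model decides whether the action is possible in principle.
    if not role_allows(user, obj.kind, action):
        return False
    # 2. Discretionary check: the object must belong to the user's own organisation,
    #    or its owner must have explicitly granted the action to that organisation.
    if obj.owner_org == user.org_id:
        return True
    if obj.kind == "procurement" and obj.published and action == "read":
        return True  # assumed rule: a published notice is open to every accredited organisation
    return action in obj.grants.get(user.org_id, set())


def submit_bid(supplier, procurement, bid_id):
    """Create a bid owned by the supplier's organisation and share it (read-only) with the customer.

    The grant is the discretionary element: the customer's role allows reading bids,
    but only this explicit grant makes this particular bid visible to the customer's
    organisation, while other suppliers and platform staff remain excluded.
    """
    if not role_allows(supplier, "bid", "create"):
        raise PermissionError(f"{supplier.login}: role does not allow creating bids")
    if not is_permitted(supplier, procurement, "read"):
        raise PermissionError(f"{supplier.login}: cannot see procurement {procurement.obj_id}")
    return DataObject(bid_id, "bid", supplier.org_id,
                      grants={procurement.owner_org: {"read"}})


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    alice = User("alice", "CUST-A", frozenset({Role.CUSTOMER}))
    bob = User("bob", "SUP-B", frozenset({Role.SUPPLIER}))
    notice = DataObject("P-1", "procurement", "CUST-A", published=True)
    bid = submit_bid(bob, notice, "B-1")
    for user, obj, action in [(alice, notice, "edit"), (bob, notice, "edit"),
                              (alice, bid, "read"), (alice, bid, "edit")]:
        print(f"{user.login:6} {action:5} {obj.obj_id}: {is_permitted(user, obj, action)}")
```

The point of the two-stage check is that a positive answer from the role layer is never sufficient on its own: a supplier who may edit bids in general still cannot edit another supplier's bid, and a customer who may read bids sees only the bids submitted to its own procurements.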
Pages: 19-24
References
- On the contract system in the procurement of goods, works and services for state and municipal needs. Federal Law No. 44-FZ of 5 April 2013.
- On personal data. Federal Law No. 152-FZ of 27 July 2006.
- On approval of the composition and content of organizational and technical measures for ensuring the security of personal data during their processing in personal data information systems. Order of FSTEC of Russia No. 21 of 18 February 2013.
- On approval of requirements for the protection of personal data during their processing in personal data information systems. Decree of the Government of the Russian Federation No. 1119 of 1 November 2012.
- On approval of requirements for the protection of information not constituting a state secret contained in state information systems. Order of FSTEC of Russia No. 17 of 11 February 2013.
- Ensuring information security of organizations of the banking system of the Russian Federation. General provisions. Bank of Russia Standard STO BR IBBS-1.0-2008, effective 01.05.2009. http://www.cbr.ru/credit/Gubzi_docs/st10-08.pdf