Journal Highly available systems №2 for 2019 г.
Article in number:
Approach to automate business processes of scientific organization. Part 2. Information security
Type of article: scientific article
DOI: 10.18127/j20729472-201902-02
UDC: 004.031.42; 004.415.2; 004.056
Authors:

G.P. Akimova – Ph.D.(Eng.), Leading Research Scientist, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: akimova@isa.ru

A.Yu. Danilenko – Ph.D.(Phys.-Math.), Leading Research Scientist, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: danilenko@isa.ru

E.V. Pashkina – Leading Programmer, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: pashkina@isa.ru

M.A. Pashkin – Research Scientist, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: pashkin@isa.ru

A.A. Podrabinovich – Leading Programmer, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: podrabinovich@isa.ru

A.V. Soloviev – Dr.Sc.(Eng.), Deputy Director for Research, 

Institute for Systems Analysis of FRC CSC RAS (Moscow)

E-mail: soloviev@isa.ru

I.V. Tumanova – Leading Programmer, 

Institute for Systems Analysis of FRC CSC RAS (Moscow) E-mail: tumanova-irin@mail.ru

Abstract:

This paper continues a series of articles under the general title «An Approach to Automating Business Processes of a Scientific Organization», in which the team of authors considers various aspects of the digitization of the activities of both research institutes and other categories of enterprises and organizations.

All automated information systems (AIS) work with data sets that are generated and processed according to the rules defined by the functionality of these AIS. In such cases, they usually talk about information objects, bearing in mind that each such object represents a certain self-contained entity, for example, a payroll or an invoice for accounting systems. These datasets are specific for each applied AIS, but if we talk about the development and implementation of an integrated management system (KSU) that combines all currently operating, as well as promising, programs into a single software package, it will be necessary to formalize the concept of an information object to ensure KSU works with information of all external systems connected to it.

In the case of KSU implementation, it becomes possible to implement a unified approach to user registration with the subsequent implementation of a unified access control policy. To this end, it is advisable to create a database of accounts based on the corporate network database. Unlike most organizations, employees of research teams can be part of several divisions, and this is not a deviation from the rules, namely the norm. In addition to divisions in the usual hierarchy – departments, departments, laboratories, sectors, etc., employees can be members of editorial departments, scientists and dissertation councils, etc. This feature should be taken into account when designing a database of users of the KSU, assigning access rights to information objects of both the KSU and applied AIS.

If the information transmitted between the AIS, is made in the form of objects KSU, can be implemented a unified access control system throughout the organization. For KSU objects, access lists are most appropriate to form using identifiers of a single organization database. This approach allows you to automate the assignment of rights in the transfer of information. Mandate access control can be fully implemented by means of AIS. This means that when a user logs on to a domain, his work session is assigned the maximum level of confidentiality available in the domain, and the actual level of confidentiality, which determines his rights to act with information objects, is chosen by him when working in the applied AIS.

In the case of KSU implementation in an organization, all the usual requirements for hardware and general software should be met, in particular, trusted OS and DBMS should be used. Means KSU can be implemented many means of protection, in particular, information integrity monitoring, logging, electronic signatures, alerts and locks.

Pages: 20-31
References
  1. Akimova G.P., Danilenko A.Yu., Pashkina E.V., Pashkin M.A., Podrabinovich A.A., Solov’ev A.V., Tumanova I.V. Podkhod k avtomatizatsii delovykh protsessov nauchnoy organizatsii. Chast’ 1. Osobennosti avtomatiziruemykh vidov deyatel’nosti. Sistemy vysokoy dostupnosti. 2019. T. 15. № 1. S. 14−20. (In Russian).
  2. Ob utverzhdenii trebovaniy o zashchite informatsii, ne sostavlyayushchey gosudarstvennuyu taynu, soderzhashcheysya v gosudarstvennykh informatsionnykh sistemakh. Prikaz FSTEK Rossii ot 11 fevralya 2013 g. № 17. (In Russian).
  3. Sredstva vychislitel’noy tekhniki. Zashchita ot nesanktsionirovannogo dostupa k informatsii. Pokazateli zashchishchennosti ot nesanktsionirovannogo dostupa k informatsii. Rukovodyashchiy dokument FSTEK Rossii. Utverzhdeno resheniem predsedatelya Gosudarstvennoy tekhnicheskoy komissii pri Prezidente RF ot 30 marta 1992 g. (In Russian).
  4. Avtomatizirovannye sistemy. Zashchita ot nesanktsionirovannogo dostupa k informatsii. Klassifikatsiya avtomatizirovannykh sistem i trebovaniya po zashchite informatsii. Rukovodyashchiy dokument FSTEK Rossii. Utverzhdeno resheniem predsedatelya Gosudarstvennoy tekhnicheskoy komissii pri Prezidente RF ot 30 marta 1992 g. (In Russian).
  5. Ob elektronnoy podpisi. Federal’nyy zakon ot 6 aprelya 2011 g. № 63-FZ. (In Russian).
  6. Akimova G.P., Danilenko A.Yu., Pashkin M.A., Pashkina E.V., Podrabinovich A.A. Osobennosti ispol’zovaniya elektronnoy podpisi v zashchishchennykh informatsionnykh sistemakh. Problemy informatsionnoy bezopasnosti. Komp’yuternye sistemy. 2017. № 4. S. 95−101. (In Russian).
  7. Akimova G.P., Danilenko A.Yu. Kontseptsiya elektronnogo dokumentooborota v raspredelennoy informatsionnoy srede. Intellektual’nye informatsionnye tekhnologii. Kontseptsii i instrumentariy. Sb. trudov Instituta sistemnogo analiza RAN. 2005. (In Russian).
  8. O gosudarstvennoy tayne. Zakon RF ot 21 iyunya 1993 g. № 5485-1 s izmeneniyami i dopolneniyami. URL = http:// www.consultant.ru/document/cons_doc_LAW_2481/. (In Russian).
Date of receipt: 17 июня 2019 г.