S.S. Veligodskiy1, N.G. Miloslavskaya2
1,2 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) (Moscow, Russia)
The article is devoted to the consideration of the proposed approach to assessing the level of maturity of the Nnetwork Security Center (NSC), created by organizations – subjects of critical information infrastructure (CII) as part of information and telecommunication networks (ITCN) in accordance with the Decree of the President of the Russian Federation dated May 1, 2022 No. 250. In order to be effective and operate sustainably, the NSC should demonstrate a high level of maturity that meets the information security (IS) requirements for its owner organization. At present, there is no single approach to assessing the maturity level of such NSCs, but it would allow the organization to outline possible ways for NSC improvement, and the authorized bodies conducting such an assessment to have a single methodological basis.
The NSC is presented as a structure with special functions and maximum capabilities for Network Security Management (NSM) of ITCN based on a comprehensive and systematic review of the NSC components that provide the NSM, namely, organizational support, NSM processes, NSM services provided to consumers, technologies used and staffing. A brief description of each of the NSC supporting parts is given. The results of the assessment of each of the areas should be taken into account when establishing the maturity level of the NSC as a whole and making a decision on its improvement.
The results obtained can be used in the development of a model for NSC maturity level assessment, in which the NSC supporting components are considered as the main assessment areas.
Veligodskiy S.S., Miloslavskaya N.G. Approach to assessing network security centers’ maturity level. Highly Available Systems. 2023.
V. 19. № 2. P. 25−37. DOI: https://doi.org/ 10.18127/j20729472-202204-02 (in Russian)
- O bezopasnosti kriticheskoj informacionnoj infrastruktury Rossijskoj Federacii: Federal'nyj zakon ot 26 iyulya 2017 g. № 187-FZ: prinyat Gos. Dumoj 12 iyulya 2017 g.; odobren Sovetom Federacii 19 iyulya 2017 g. 2017. 20 s. (in Russian).
- Ukaz Prezidenta Rossijskoj Federacii ot 1 maya 2022 g. № 250 «O dopolnitel'nyh merah po obespecheniyu informacionnoj bezopasnosti Rossijskoj Federacii» (in Russian).
- GOST R ISO/MEK 27033-1-2011 Informacionnaya tekhnologiya (IT). Metody i sredstva obespecheniya bezopasnosti. Bezopasnost' setej. Chast' 1. Obzor i koncepcii. Vved. 2012-01-01. M.: Standartinform. 2012. 73 s. (in Russian).
- ISO/IEC/IEEE 15939:2017 Systems and software engineering — Measurement process. 2017. 39 p.
- Crowley C., Filkins B. A SANS 2022 SOC Survey. SANS, 2022. URL: https://www.sans.org/white-papers/sans-2022-soc-survey (data obrashcheniya: 09.04.2023).
- Crowley C., Pescatore J. The Definition of SOC-cess? SANS 2018 Security Operations Center Survey. SANS, 2018. URL: https://www.arista.com/assets/data/pdf/Whitepapers/Survey-SOC-2018-AwakeSecurity.pdf (data obrashcheniya: 09.04.2023).
- Miloslavskaya N.G. Nauchnye osnovy postroeniya centrov upravleniya setevoj bezopasnost'yu v informacionno-telekommunikacionnyh setyah. M.: Goryachaya Liniya – Telekom. 2021. 431 s. (in Russian).
- Kurilo A.P., Miloslavskaya N.G., Tolstoj A.I., Senatorov M.Yu. Osnovy upravleniya informacionnoj bezopasnost'yu: Ucheb. posobie dlya vuzov. V 5 knigah. Kniga 1. Izd. 2-e, ispr. M.: Goryachaya Liniya – Telekom. 2016. 244 s. (Ser.: Voprosy upravleniya informacionnoj bezopasnost'yu) (in Russian).
- GOST R 57580.1-2017 Bezopasnost' finansovyh (bankovskih) operacij. Zashchita informacii finansovyh organizacij. Bazovyj sostav organizacionnyh i tekhnicheskih mer. Vved. 2018-01-01. M.: Standartinform. 2020. 62 s. (in Russian).
- ISO/IEC 27022-2021 Information technology — Guidance on information security management system processes. 2021. 43 p.
- GOST R ISO/MEK 20000-1-2013 Informacionnaya tekhnologiya. Upravlenie uslugami. Chast' 1: Trebovaniya k sisteme upravleniya uslugami. Vved. 2015-01-01. M.: Standartinform. 2014. 24 s. (in Russian).
- GOST R 50646-2012 Uslugi naseleniyu. Terminy i opredeleniya. Vved. 2014-01-01. M.: Standartinform. 2014. 8 s. (in Russian).
- GOST R ISO 9000-2015 Sistemy menedzhmenta kachestva. Osnovnye polozheniya i slovar'. Vved. 2015-11-01. M.: Standartinform. 2015. 48 s. (in Russian).
- GOST R 53114-2008 Zashchita informacii. Obespechenie informacionnoj bezopasnosti v organizacii. Osnovnye terminy i opredeleniya. Vved. 2009-10-01. M.: Standartinform. 2009. 20 s. (in Russian).
- Zyryanov M. Servisnyj podhod k informacionnoj bezopasnosti. OSP, 2013. URL: https://www.osp.ru/cio/2013/01/13033706 (data obrashcheniya: 09.04.2023) (in Russian).
- Os V.R. SOC-CMM: Designing and Evaluating a Tool for Measurement of Capability Maturity in Security Operations Centers. Master Thesis, Information Security Program. Luleå University of Technology, 2016. 75 p.
- Three Levels of SOC Maturity: Steps for Continual Service Improvement. Huntsman, 2018. URL: https://www.huntsmansecurity.com/blog/three-levels-of-soc-maturity-steps-for-continual-service-improvement/ (data obrashcheniya: 09.04.2023).
- Sarybekov M.N., Sydyknazarov M.K. Slovar' nauki. Obshchenauchnye terminy i opredeleniya, naukovedcheskie ponyatiya i kategorii: Ucheb. posobie. Izd. 2-e, dop. i pererab. Almaty: TRIUMF-T, 2008. 504 s. (in Russian).
- Kemerov V.E., Azarenko S.A., Kerimov T.H. Sovremennyj filosofskij slovar'. Akademicheskij prospekt, 2015. 823 s. (in Russian)
- GOST R 58771-2019 Menedzhment riska. Tekhnologii ocenki riska. Vved. 2020-03-01. M.: Standartinform, 2019. 86 s. (in Russian)
- Veligodskij S.S., Miloslavskaya N.G. Tekhnologii, obespechivayushchie funkcionirovanie Centrov upravleniya setevoj bezopasnost'yu informacionno-telekommunikacionnyh setej, i ocenka urovnya ih zrelosti. Vestnik sovremennyh cifrovyh tekhnologij. Iyun' 2023. № 15 (in Russian).
- Orion C. Security Operations Center Roles and Responsibilities. Exabeam, 2019. URL: https://www.exabeam.com/security-operations-center/security-operations-center-roles-and-responsibilities/ (data obrashcheniya: 09.04.2023).
- Role And Responsibilities of a SOC Analyst. Infosectrain, 2021. URL: https://www.infosectrain.com/blog/role-and-responsibilities-of-a-soc-analyst/ (data obrashcheniya: 09.04.2023).
- GOST R 59709-2022 Zashchita informacii. Upravlenie komp'yuternymi incidentami. Terminy i opredeleniya. Vved.: 2023-02-01. M.: Rossijskij institut standartizacii. 2022. 20 s.