Journal Information-measuring and Control Systems, No. 10, 2015
Article in number:
Data security at their processing within the information system of preferential medicinal maintenance Krasnodar region
Keywords:
information security
personal data protection
the threat model
preferential medicinal maintenance
Authors:
A.A. Koshkarov - Post-graduate Student, Kuban State University, Krasnodar city, Russia. E-mail: Koshkarov17@yandex.ru
S.V. Lyskov - Head of information security, Medical Centre for Information and Analysis of the Ministry of Health Care of Krasnodar Region, Krasnodar city, Russia. E-mail: slyskov@miackuban.ru
A.A. Khalafyan - Ph.D. (Eng.), Professor, Department of computer technology and applied mathematics faculty, Kuban State University, Krasnodar city. E-mail: khaliphyan@kubannet.ru
Abstract:
The article raises the problem of information security in the sphere of preferential provision of medicines in the Krasnodar region. The scientific direction of the work is protection against unauthorized access. The article provides an overview of existing methods for protecting personal data and proposes a threat model for the security of the information system in the sphere of preferential medicinal provision of the Krasnodar region. The investigation identifies the existing actual threats and recommends preventive measures.
One of the basic measures to ensure the security of personal data is the identification of security threats during its processing in personal data information systems and of the protection level of personal data. Given the special social importance of establishing and operating a unified software product with capabilities for prescriptions, service, inventory management and supervision of the implementation of programs of preferential provision of medicines, the problem of information security in this area is especially important.
The aim of the study is to identify the current security threats in order to protect personal data during its automated processing in the field of preferential medicinal maintenance of the Krasnodar region, and to develop a scheme of business processes for identifying relevant threats in similar information systems.
The study developed a threat model that includes a description of a potential intruder and of actual threats to the security of personal data, taking into account the peculiarities of the existing information system «Preferential medicinal maintenance» of the Medical Centre for Information and Analysis of the Ministry of Health Care of Krasnodar Region.
The developed threat model includes a description of the activities carried out: building a model of the offender; identifying the initial level of security of the information system «Preferential medicinal maintenance»; identifying the probability, feasibility, risk and relevance of each threat; and possible measures for overcoming the actual threats.
Thus, there are two main threats to the security of personal data in the information system «Preferential medicinal maintenance», which relate to random user actions and intentional actions of insiders.
The results of the research gave an overview of the protection of personal data in the information system «Preferential medicinal maintenance» and made it possible to reveal vulnerabilities and prospects for further development in the direction of information protection. They can be used to write administrative documents regulating the processing of personal data, including job descriptions and regulations.
Pages: 63-68