Journal «Системы высокой доступности» (Highly Available Systems), No. 2, 2009
Article in this issue:
A methodology for assessing the feasibility of deploying an identity management (IDM) system in an enterprise
Keywords:
identity management
information security
information technology
enterprise infrastructure
Authors:
M.V. Timonin - postgraduate student, Department 29, Moscow Engineering Physics Institute. E-mail: gblive@gmail.com
V.S. Lavrentyev - Ph.D. (Eng.), Associate Professor, Moscow Engineering Physics Institute. E-mail: vslavr@gmail.com
Abstract:
A new methodology is proposed that combines systematic analysis of information security (IS) risk with consideration of the impact on operational efficiency, and a comprehensive assessment of the risk accompanying the deployment process is carried out.
Pages: 17-30