Journal «Системы высокой доступности» (Highly Available Systems), No. 2, 2009
Article in this issue:
A methodology for assessing the feasibility of deploying an identity management (IDM) system in an enterprise
Authors:
M.V. Timonin - postgraduate student, Department 29, Moscow Engineering Physics Institute. E-mail: gblive@gmail.com
V.S. Lavrentyev - Candidate of Technical Sciences, Associate Professor, Moscow Engineering Physics Institute. E-mail: vslavr@gmail.com
Abstract:
A new methodology is proposed that combines systematic analysis of information security (IS) risk with consideration of the impact on operational efficiency, and a comprehensive assessment of the risk accompanying the deployment process is carried out.
Pages: 17-30