DOI: https://doi.org/10.20535/2411-1031.2019.7.2.190569
Conceptual basis of description for the information security management system architecture

This work is licensed under a Creative Commons Attribution 4.0 International License.
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)