Method for conceptualizing system studies of information security management systems
DOI: https://doi.org/10.20535/2411-1031.2020.8.1.218012
Keywords: information security management system, system studies, task ontology, system approach
Abstract
A method for conceptualizing system studies of information security management systems is proposed. It is built on the system approach, extended with a model-oriented approach; this extension makes it possible to unify the ontological representation of system studies of information security management systems. First, the tasks are identified as the basic concepts and the relations between them are established. Four classes of tasks are defined: requirements analysis, function analysis, architecture synthesis and behavior synthesis. The inputs to requirements analysis are the needs of both internal and external stakeholders. The requirements derived from them are then checked for correctness of formulation and for consistency with the individual and group characteristics of the stakeholders, after which the relationships between the requirements for the information security management system are established. The resulting requirements specification is the input to function analysis. For each function of the information security management system its inputs, outputs, constraints and resources are established; this representation substantiates the definition of the use options (use cases) of the system. The use options are realised by synthesizing the architecture: blocks are selected, each mapped to the corresponding architectural elements, and the relationships between the blocks are established. The functional suitability of the architecture is determined by synthesizing the behavior of the information security management system, with the architecture as the input to this task. The behavior of an individual element (block) or of the system as a whole is synthesized through activities, interactions and state changes. In this way the functional suitability or unsuitability of the synthesized architecture with respect to the stakeholders' requirements is established.
Unified views of the separate tasks of the system study of information security management systems are obtained with the system modeling language (SysML). On the basis of the results obtained, alternative architecture options can be defined and the best of them selected in terms of functional suitability.
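The chain of four task classes in the abstract (requirements analysis, function analysis, architecture synthesis, behavior synthesis) can be read as a traceability check: every stakeholder need must trace to a function, every function to a block, and every block must have a behavior that accepts the use options derived from the requirements. The following is an added illustration in Python and is not the authors' SysML model; the ISMS requirements, functions, blocks, state machines and use-option scenarios are constructed for the example, and the suitability rules in `assess()` are this example's own reading of the abstract, not rules stated by the paper.

```python
"""Traceability view of the four task classes (added example, not the paper's model).
All requirement, function, block and scenario data below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:          # output of requirements analysis
    rid: str
    text: str
    stakeholder: str        # internal or external stakeholder the need comes from
    depends_on: tuple = ()  # relations between requirements


@dataclass(frozen=True)
class Function:             # output of function analysis
    fid: str
    satisfies: tuple        # requirement ids this function realises
    inputs: tuple
    outputs: tuple
    constraints: tuple
    resources: tuple


@dataclass(frozen=True)
class Block:                # output of architecture synthesis
    bid: str
    allocates: tuple        # function ids allocated to this block


@dataclass
class Behavior:             # output of behavior synthesis: one state machine per block
    bid: str
    initial: str
    transitions: dict       # {(state, event): next_state}


def simulate(behavior, events):
    """Drive a block's state machine with an event sequence.
    Returns (final_state, accepted); accepted is False on the first undefined transition."""
    state = behavior.initial
    for ev in events:
        nxt = behavior.transitions.get((state, ev))
        if nxt is None:
            return state, False
        state = nxt
    return state, True


def assess(requirements, functions, blocks, behaviors, external_inputs, scenarios):
    """Functional suitability check across the four tasks. Returns (suitable, findings)."""
    findings = []
    req_ids = {r.rid for r in requirements}
    # 1. requirements analysis: relations must refer to known requirements
    for r in requirements:
        for dep in r.depends_on:
            if dep not in req_ids:
                findings.append(f"{r.rid} depends on unknown requirement {dep}")
    # 2. function analysis: every requirement traced; every input produced; resources assigned
    covered = {rid for f in functions for rid in f.satisfies}
    for r in requirements:
        if r.rid not in covered:
            findings.append(f"{r.rid} ({r.stakeholder}) has no function")
    produced = set(external_inputs) | {o for f in functions for o in f.outputs}
    for f in functions:
        for i in f.inputs:
            if i not in produced:
                findings.append(f"{f.fid} input '{i}' is produced nowhere")
        if not f.resources:
            findings.append(f"{f.fid} has no resources assigned")
    # 3. architecture synthesis: every function allocated to a block
    allocated = {fid for b in blocks for fid in b.allocates}
    for f in functions:
        if f.fid not in allocated:
            findings.append(f"{f.fid} is not allocated to any block")
    # 4. behavior synthesis: every block has a behavior that accepts its use options
    beh = {b.bid: b for b in behaviors}
    for b in blocks:
        if b.bid not in beh:
            findings.append(f"{b.bid} has no behavior")
            continue
        for name, events in scenarios.get(b.bid, {}).items():
            state, ok = simulate(beh[b.bid], events)
            if not ok:
                findings.append(f"{b.bid} rejects use option '{name}' in state {state}")
    return not findings, findings


# Constructed sample ISMS (architecture option 1)
REQUIREMENTS = (
    Requirement("R1", "security events are detected and classified", "internal: SOC lead"),
    Requirement("R2", "incident records are retained for audit", "external: auditor", ("R1",)),
    Requirement("R3", "risk register is reviewed each quarter", "internal: management"),
)
FUNCTIONS = (
    Function("F1", ("R1",), ("event log",), ("incident record",), ("detect within 24 h",), ("SOC analyst",)),
    Function("F2", ("R2",), ("incident record",), ("archived record",), ("retain 3 years",), ("archive storage",)),
)
BLOCKS = (Block("B1", ("F1", "F2")),)
BEHAVIORS = (Behavior("B1", "monitoring", {
    ("monitoring", "event_logged"): "triaging",
    ("triaging", "confirmed"): "recording",
    ("triaging", "false_positive"): "monitoring",
    ("recording", "archived"): "monitoring",
}),)
EXTERNAL_INPUTS = ("event log",)
SCENARIOS = {"B1": {
    "handle incident": ["event_logged", "confirmed", "archived"],
    "dismiss false positive": ["event_logged", "false_positive"],
}}


def baseline():
    """Option 1: R3 traces to no function, so the architecture is unsuitable."""
    return assess(REQUIREMENTS, FUNCTIONS, BLOCKS, BEHAVIORS, EXTERNAL_INPUTS, SCENARIOS)


def alternative():
    """Option 2: add a risk-review function, block and behavior covering R3."""
    f3 = Function("F3", ("R3",), ("risk register",), ("review minutes",), ("quarterly",), ("risk owner",))
    b2 = Block("B2", ("F3",))
    beh2 = Behavior("B2", "idle", {("idle", "quarter_end"): "reviewing", ("reviewing", "signed_off"): "idle"})
    scen = dict(SCENARIOS, B2={"quarterly review": ["quarter_end", "signed_off"]})
    return assess(REQUIREMENTS, FUNCTIONS + (f3,), BLOCKS + (b2,), BEHAVIORS + (beh2,),
                  EXTERNAL_INPUTS + ("risk register",), scen)


if __name__ == "__main__":
    for name, option in (("option 1", baseline), ("option 2", alternative)):
        ok, findings = option()
        print(name, "suitable" if ok else "unsuitable", findings)
```

Comparing `baseline()` and `alternative()` is the selection step the abstract ends with: both options are checked against the same requirements, and the one whose findings list is empty is the functionally suitable architecture.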
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors published in this collection agree to the following terms:
- The authors retain authorship of their work and grant the collection the right of first publication. The work is licensed under the Creative Commons Attribution License, which allows others to distribute the published work freely, provided that the original authors and the first publication of the work in this collection are credited.
- The authors may enter into separate, additional agreements for the non-exclusive distribution of the work in the form in which it was published in this collection (for example, depositing it in an institutional digital repository or including it in a monograph), provided that the first publication of the work in this collection is cited.
- The journal's policy permits and encourages authors to post the manuscript online (for example, in repositories or on personal websites) before submitting it to the editors and during editorial processing, as this fosters productive scholarly discussion and has a positive effect on the timing and number of citations of the published work (see The Effect of Open Access).