Анализ методического и технического обеспечения процедур оценивания защищенности значимых объектов критической информационной инфраструктуры от несанкционированного доступа

Abstract

This paper provides a direct analysis of existing methods for assessing the security of significant objects of critical information infrastructure, a review of their legislative framework and existing means of protecting information from unauthorized access. Such an analysis is necessary to solve problems related to the development of an integrated approach to assessing the security of significant objects of critical information infrastructure. The main guiding documents and orders of the FSTEC of Russia, Federal Law No. 187-FZ of July 26, 2017 "On the security of the CII of the Russian Federation" were considered. The modern market of means of protecting information from unauthorized access was analyzed. For convenience, all comparative criteria were divided into categories: general information; system requirements (minimum); supported automated workstations and servers based on well-known secure operating systems; the level of certification according to the safety requirements of the FSTEC of Russia; deployment of a protection system; component updates; the main functions of the means of protecting information from unauthorized access; clearing information; additional protection modules; centralized management and reporting; possibility of integration; licensing. The four most popular Russian groups of means of protecting information from unauthorized access were selected to participate in the comparison: Secret Net Studio; Dallas Lock 8.0-K; Diamond ACS; Blockhost Network 2.0. In order to identify methods for assessing the security of significant objects of critical information infrastructure, national standards of Russia and scientific periodicals were considered. It is shown that the methodological support of this segment of safety is not at the proper level.