О МОДЕЛЯХ И МЕТОДАХ ВЕРОЯТНОСТНОГО АНАЛИЗА ЗАЩИТЫ ИНФОРМАЦИИ В СТАНДАРТИЗОВАННЫХ ПРОЦЕССАХ СИСТЕМНОЙ ИНЖЕНЕРИИ

Abstract

Purpose: rational and description of the methodological apparatus of system engineering in terms of risk prediction, taking into account the requirements for information protection. Research methods include: methods of probability theory, risk-oriented models for predictive analysis of standardized processes of system engineering. Result: interrelated models and methods systematized for use in the planning and implementation of standardized processes of system engineering are described. Their use makes it possible to analyze the impact of information security in terms of predicted risks. Methods and models are implemented in a set of system engineering standards and analytically support the effective implementation of agreement, organizational project- enabling, technical management and technical processes according to GOST R 57193 (ISO/IEC/IEEE 15288) in relation to systems for various purposes (a total of 30 processes). The proposed models and methods of system analysis of information security in standardized processes of system engineering develop established approaches to risk prediction, ensuring and improving system security. The use of the proposed models and methods in the life cycle of systems helps to identify «bottlenecks», rational ways to reduce risks in the implemented standardized processes, taking into account the requirements for information protection, supports the making decisions in analytical problems of system engineering. Scientific novelty: the proposed methodological apparatus develops the existing approaches to risk prediction, ensuring and improving systems security. The ideas are implemented in the national standards GOST R 59329 – GOST R 59357. They allow enterprises to move to the pragmatic implementation of a risk-based approach using the analytical capabilities of solving inverse problems of effective security control, based on the specified level of acceptable risk.