Типовые офтальмологические информационные системы, являющиеся объектами критической информационной инфраструктуры

Abstract

Relevance. According to the law « the security of critical information infrastructure of the Russian Federation» 26.07.2017 No. 187-FZ information systems used in ophthalmology can be classified as significant objects of critical information infrastructure if a targeted computer attack can cause serious damage (assessed by five significance indicators). The study considers common objects of critical information infrastructure in the healthcare sector, analyzes typical ophthalmic automated control systems, assesses actual offenders for these systems and the consequences of the implementation of information security threats by them, based on which refined criteria are developed for classifying objects as significant. Purpose. Analysis of typical processes of information systems in the field of ophthalmology. Justification of the choice of systems belonging to the category of «critical». Material and methods. Common objects of critical information infrastructure in automated control systems is carried out. Results. An assessment of actual violators for information systems in the field of ophthalmology was carried out. The consequences of security breaches are identified, based on which refined criteria are developed for classifying objects as significant. Conclusion. The first step in the categorization process is to determine the list of objects (information systems) that are most critical in terms of the consequences of computer attacks for the functioning of a critical infrastructure subject. Not all enterprise information systems provide critical information processes and have signs of a significance category. Keywords: critical information infrastructure, healthcare sector, ophthalmology, information security threats, intruder model, categorization criteria