Анализ стандартов обеспечения информационной безопасности

Abstract

The purpose of the work is to systematize the available knowledge about information security models presented in standards and scientific research to solve the problem of labor intensity: analysis and selection of an information security model relevant to the information infrastructure of the enterprise; and assessment of the current level of information security of the enterprise. When in identifying and analyzing the information security models used, standards, regulatory legal acts and scientific research in the field of information security are considered within the framework of this work. The systematization of knowledge about information security models was carried out with the help of analysis of standards, scientific research, normative legal acts on information security; identifying common properties of information security models; grouping criteria and evidence confirming the implementation of information security measures by common signs; identifying ways to automate the assessment of the current level of information security. In the course of the work: the main criteria of the information security model were identified; a list of certificates was formed that allow monitoring the implementation of information security measures; common features of criteria, certificates sufficient for grouping were revealed; types of certificates were identified; an algorithm for assessing the current level of information security of an enterprise was formed; methods of automatization of collecting information about models of information security used by an enterprise and evidence of the implementation of information security measures were identified . This work systematizes knowledge about the existing models and allows analyzing the criteria of information security without a need to study all the standards and scientific papers considered in this work, which reduces the labor intensity of the analysis and selection of an information security model relevant to the information infrastructure of an enterprise. The results of this work will be applied to identify the possibility of automating the assessment of the current level of information security of an enterprise.