Abstract

The purpose of the work is to systematize the available knowledge about information security models presented in standards and scientific research to solve the problem of labor intensity: analysis and selection of an information security model relevant to the information infrastructure of the enterprise; and assessment of the current level of information security of the enterprise. When in identifying and analyzing the information security models used, standards, regulatory legal acts and scientific research in the field of information security are considered within the framework of this work. The systematization of knowledge about information security models was carried out with the help of analysis of standards, scientific research, normative legal acts on information security; identifying common properties of information security models; grouping criteria and evidence confirming the implementation of information security measures by common signs; identifying ways to automate the assessment of the current level of information security. In the course of the work: the main criteria of the information security model were identified; a list of certificates was formed that allow monitoring the implementation of information security measures; common features of criteria, certificates sufficient for grouping were revealed; types of certificates were identified; an algorithm for assessing the current level of information security of an enterprise was formed; methods of automatization of collecting information about models of information security used by an enterprise and evidence of the implementation of information security measures were identified . This work systematizes knowledge about the existing models and allows analyzing the criteria of information security without a need to study all the standards and scientific papers considered in this work, which reduces the labor intensity of the analysis and selection of an information security model relevant to the information infrastructure of an enterprise. The results of this work will be applied to identify the possibility of automating the assessment of the current level of information security of an enterprise.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.