Abstract
This paper provides a direct analysis of existing methods for assessing the security of significant objects of critical information infrastructure, a review of their legislative framework and existing means of protecting information from unauthorized access. Such an analysis is necessary to solve problems related to the development of an integrated approach to assessing the security of significant objects of critical information infrastructure. The main guiding documents and orders of the FSTEC of Russia, Federal Law No. 187-FZ of July 26, 2017 "On the security of the CII of the Russian Federation" were considered. The modern market of means of protecting information from unauthorized access was analyzed. For convenience, all comparative criteria were divided into categories: general information; system requirements (minimum); supported automated workstations and servers based on well-known secure operating systems; the level of certification according to the safety requirements of the FSTEC of Russia; deployment of a protection system; component updates; the main functions of the means of protecting information from unauthorized access; clearing information; additional protection modules; centralized management and reporting; possibility of integration; licensing. The four most popular Russian groups of means of protecting information from unauthorized access were selected to participate in the comparison: Secret Net Studio; Dallas Lock 8.0-K; Diamond ACS; Blockhost Network 2.0. In order to identify methods for assessing the security of significant objects of critical information infrastructure, national standards of Russia and scientific periodicals were considered. It is shown that the methodological support of this segment of safety is not at the proper level.
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.