About One Approach to the Selection of Information Protection Facilities

Abstract

Much attention in the sphere of information technology is paid to the aspects of information security, due to the growing damage. As a result of damage increase, there is a quantitative and qualitative growth in the market of software and hardware for information security. At the same time, new alternatives to existing information security tools are being developed, as well as means of protection against new vectors of attacks associated, for example, with the spread of the concept of ‘Internet of things’, big data and cloud technologies. At the same time, the analysis of information security incidents at enterprises that actively use information security tools shows that the use of information security systems does not provide the required level of protection for information objects that remain susceptible to attacks. According to recent studies, the share of corporate systems in the Russian Federation containing critical vulnerabilities associated with incorrect configuration of information security systems makes up more than 80 %. At the same time, the costs of Russian companies to ensure information security are increasing by an average of 30 % per year. The article presents current problems related to the conflicting requirements to the design of complex information security systems (CISS). The authors suggest an approach to selection and configuration of the CISS facilities based on the role model of M. Belbin in the interpretation of the CISS as a command that will allow building an integrated information protection circuit. The cases of manifestation of synergism and emergence, which ensure the effective functioning of the system, have been described.