Features of mathematical rationale for a complex datа security system of a medical enterprise

Abstract

The article is dedicated to the analysis of data protection issues, particularly personal data, in medical institutions of various ownership forms. The necessity of implementing comprehensive data security systems is justified by the Bell-LaPadula model, which is considered a foundation for the development of a complex data security system within the enterprise. The Bell-LaPadula model represents an access control system based on a hierarchical data access structure. How-ever, using a rigid hierarchical approach when building an information infrastructure of an en-terprise based on this model, taking into account different levels of information confidentiality, might not account for the possibility of insider intervention at higher levels. The article analyz-es the key aspects of this model, including assigning special security levels to all participants in data processing and to documents containing the protected data. To ensure security and access regulation based on an adapted model, individual access levels that correspond to each user’s responsibilities and confidentiality level are proposed for them. After implementing a compre-hensive system for protecting confidential data and assigning special security levels to all par-ticipants in the processing of protected data and documents, a clear differentiation of ownership rights to information of different values emerged. This facilitates further expansion of the circle of employees with access to this information, reduces access time, and forms informational and analytical reports on access control system performance. The use of the hierarchical Bell-LaPadula access model allows for effective control over access to the information system and ensures overall enterprise security.