Method for conceptualizing systematic studies of information security management systems

Abstract

A method for conceptualizing system studies of information security management systems is proposed. Its development is based on a developed system approach by supplementing it with a model-oriented. This extension allowed to unify the ontological representation of system studies of information security management systems. First, identify the tasks as basic concepts and establish relations between them. Among them, four classes are defined: requirements analysis, function analysis, architecture synthesis, behavior synthesis. The inputs for requirements analysis are the needs of both internal and external stakeholders. They are followed by the correctness of requirements formulation, compliance with personal and group features. The relationships between the requirements for information security management systems are then determined. The requirements specification is used as input data when analyzing the functions of information security management systems. For each of them the inputs, outputs, constraints, and resources are established. Such a representation allowed to justify the definition of options for the use of information security management systems. The implementation of options for using information security management systems is achieved by synthesizing the architecture. For this purpose, blocks are selected, each of which maps the corresponding elements of the architecture and establishes the relationships between them. Its functional usability is determined by synthesizing the behavior of information security management systems. The input data for solving this problem is their architecture. In this case, the behavior of an individual element (block) or the information security management system can be synthesized. This is achieved through activities, interactions, and state changes. Due to this, the functional suitability/unsuitability of the synthesized architecture is found following the requirements of stakeholders. Unified views of separate tasks of system research of information security management systems are achieved using the system modeling language. Based on the results obtained, it is possible to determine alternative architecture options and select the best among them in terms of their functional suitability.